Top Women in Cybersecurity: Masha Sedova

Masha Sedova, Co-founder, Elevate Security

The human factor is maybe the biggest unsolved problem in cybersecurity. How do you fix people so they can do security more effectively? How do you fix security so it fits people better? Masha Sedova ran the team whose job it was to change security behavior at Salesforce from 2012 until Dec. 2016. At the end of the year, she co-founded Elevate Security, where she tests user behavior and puts them on campaigns to practice new security behavior.

Can you talk about where we are today versus where we were then on human behavior and awareness and cybersecurity? It seems like a different environment but what have you seen actually working on this?

It’s been slower than I’d like it to be. Security professionals have been trying to solve the people problem for decades. We’re not very good at it. We’re really good at security, we’re not […]

The post Top Women in Cybersecurity: Masha Sedova appeared first on Cyberscoop.

Top Women in Cybersecurity: Amanda Rousseau

Amanda Rousseau, Malware Researcher, Endgame

Amanda Rousseau’s job puts her knee deep in the guts of malware. A research engineer at Endgame, Rousseau’s history includes two years at the Department of Defense Cyber Crime Center as a malware reverse engineer and computer forensic examiner. Malware is weird and ever changing, so we talked to Rousseau about exactly what she’s seen and where she’s looking next.

What’s the most interesting or powerful malware you’ve seen?

I actually have a couple of my favorites. They’re all APT malware. Everyone knows Stuxnet and Flame from the same creators, some of the most advanced malware out there. I particularly like the more multi-platform type of malware, kind of like the Careto mask. It was a multi-stage attack, it had payloads for both Windows and OS X and it could be run on Linux as well. I thought that was quite interesting. These guys thought about going after whatever environments a […]

Top Women in Cybersecurity: Jessy Irwin

Jessy Irwin, VP of Privacy and Security, Mercury LLC

If you’ve ever been to an information security conference, you’ve probably seen a t-shirt that said, “there’s no patch for human stupidity.” That iffy diss—and lame t-shirt—about sums up the icy tone the security community has taken over the last few decades when it comes to users. Figuring out a newer and more effective approach is the burgeoning field in which Jessy Irwin, the vice president of privacy and security at Mercury, works. Instead of the same old people talking down to users, Irwin advocates for the “weirdest and most strange, diverse groups of people” at work in security, all the better to deal with the weird, strange and diverse users that end up with the products they build.

Why are security professionals so bad at the human question?

I think people are bad at the ‘people’ question. I think much of […]

At the dawn of connected vehicle networks, cybersecurity challenges remain

After decades of buildup, the dawn of the smart city is within sight. The biggest connected-vehicle pilot programs in the world are ramping up right now across the United States. But experts still have grave concerns about the cybersecurity and ultimately the safety of this expanding technology. The timetable is imminent.

New York City, Wyoming and Tampa have been the sites of the federally approved Connected Vehicle Pilot Deployment Program since launch in 2015. Bidding on contracts to expand New York’s program — which set a goal of more than 8,000 connected vehicles and 350 roadside units to match the connected 12,400 traffic signals already deployed — is expected to be announced this month. Over the next two years, all three of the programs plan to be fully operating. The long-term goals are grandiose and the forecast is clear: Nearly everything on every road in America will one day be connected, tracked and to some extent […]

WhatsApp and Telegram vulnerabilities allowed attackers to hijack accounts

Vulnerabilities in the security of WhatsApp and Telegram were announced Wednesday by researchers at Check Point Security in the midst of greater attention being placed on the security of messaging apps with billions of users. WhatsApp and Telegram’s web versions were vulnerable to phishing attacks that could have allowed hackers to take over a target’s account from which they could access all conversations, files and contacts. The vulnerabilities were disclosed on March 7 and have been fixed on both platforms, according to the researchers. Web versions of secure chat apps — Signal, considered among experts today’s top secure messenger, also offers a browser version — are widely thought to be significantly less secure than the mobile apps due to the inherent insecurity in browsers. They’re immensely convenient for some users, however, and will likely remain in use as long as they’re offered.

Shortly after Check Point made its announcement, Telegram issued a clarification […]

Women paid less than men at every level of cybersecurity industry, report says

Women make up just 11 percent of the global cybersecurity workforce and earn less than their male counterparts at every level in the cybersecurity industry, according to newly released research from the 2017 Global Information Security Workforce Study. Those diversity levels are the same rates seen in 2013 and point to long-term stagnation in the industry’s gender gap. The new study, sponsored by a stable of tech firms and authored by the research firm Frost & Sullivan, surveyed 19,641 respondents from 170 countries. Its authors, who released it to coincide with Women’s History Month, claim this is the largest study of the information security industry ever conducted. The survey’s findings, which echo other recent studies, bear out in detail the chasm that exists between men and women in cybersecurity. Men are four times more likely to hold executive-level positions and nine times more likely to hold managerial positions than women. 51 percent of female respondents said they’d […]

Despite open jobs, veterans face problems landing civilian cybersecurity roles

Jumping from the military or intelligence community to private sector cybersecurity firms is a career track everyone knows about but surprisingly few have actually done. Low morale at places like the National Security Agency and high salaries outside of government drive personnel away from Washington D.C. and into the waiting arms of Silicon Valley. But it’s not always a simple jump, especially for military veterans trying to find their way into the booming industry. Coming from a world that’s often indecipherable to civilians, veterans face a mountain of challenges entering the cybersecurity workforce despite over one million vacant cybersecurity jobs existing as of 2015, a number that illustrates an industry begging for new talent. In the U.S. military, career progression doesn’t require the certifications and academic degrees that are highly valued in the private sector. There is often no clear cybersecurity career path available when serving. Companies like Cyber Warrior Network, […]

Confide, the White House’s favorite messaging app, has multiple critical vulnerabilities

Confide, the messaging app pitched as a secure communications platform for Washington D.C.’s most high-powered political operatives, is finally under the security microscope. Security researchers at Seattle-based IOActive found multiple critical vulnerabilities in Confide after it underwent a security audit for the first time in February. Several of the critical vulnerabilities impacting Confide, which employs no cryptography specialists on its development team, include leaking decrypted messages to attackers. Although the app has been pushed to headlines by a three-year-long marketing operation, the audit was the first time Confide’s team dealt with researchers taking the app apart. That means the vulnerabilities may have existed for years even as journalists and White House operatives used Confide for secure messaging. IOActive researchers have privately told industry colleagues for several weeks to stop using Confide. Ryan O’Horo, a managing security consultant for IOActive, appeared to call the vulnerabilities the most shocking security failures he’d seen in […]

WikiLeaks dump does not say CIA compromised Signal or WhatsApp

When WikiLeaks posted thousands of documents on Tuesday allegedly from the Central Intelligence Agency, it came with a press release claiming the CIA could “bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman [sic]” by hacking the iPhones and Androids the apps run on to collect the communications before encryption is applied and sent to the recipient. This paragraph led outlets like the New York Times to write confusing and misleading reports claiming that “the CIA. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram.” The outlet later said they deleted tweets that referenced the claim, but the story remains unchanged.

We deleted this earlier tweet to the article to provide more context. https://t.co/uQ73DIX6VH pic.twitter.com/wNjWx9l978 — The New York Times (@nytimes) March 7, 2017

The truth, according to the latest WikiLeaks documents, is that the CIA’s Engineering Development Group […]
