Senior DHS cyber official Jeanette Manfra to step down

Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position, according to multiple sources familiar with the matter. DHS officials are preparing an internal announcement about Manfra’s departure that could come as soon as this week, two sources told CyberScoop. Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress. She has also represented DHS at top cybersecurity conferences like RSA and DEF CON. Over the course of her tenure, Manfra took on increasingly senior and cybersecurity-focused roles, culminating in her becoming assistant director at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) last year. In a speech last year, she likened supply-chain vulnerabilities to a “digital public health crisis.” It was not immediately clear who would replace her. One source told CyberScoop that officials had a replacement in mind, but declined […]

The post Senior DHS cyber official Jeanette Manfra to step down appeared first on CyberScoop.

20-year-old Chicago man charged with writing code to spread ISIS propaganda

U.S. authorities have arrested a 20-year-old Chicago man for allegedly writing computer code to help the Islamic State terrorist group spread propaganda. Thomas Osadzinski, a student at DePaul University, is accused of writing a computer script to make ISIS propaganda more accessible to social media users. U.S. prosecutors charged Osadzinski with one count of attempting to provide material support to a foreign terrorist group. A criminal complaint alleges Osadzinski shared the script and instructions on using it earlier this year with people he thought were ISIS supporters. Osadzinski told undercover FBI agents that he was in the process of creating a custom Gentoo Linux system that was solely to be used by ISIS members, according to the complaint. Osadzinski made a brief appearance in court Tuesday and was ordered to be held without bond. His detention hearing is set for Friday. Steve Greenberg, Osadzinski’s attorney, denied that his client had broken any laws. “This is […]

Citing security concerns, senators call on White House to appoint coordinator for 5G issues

A bipartisan group of senators wants the Trump administration to appoint a top official to coordinate policy for issues related to 5G communications, saying the current marketplace for the technology poses an “unprecedented security challenge” to the U.S. and its allies. “China’s leadership [in 5G], combined with the United States’ increased reliance on high-speed, reliable telecommunications services to facilitate both commerce and defense, poses a strategic risk for the country,” the senators wrote Tuesday to White House national security adviser Robert O’Brien, advising him to tap a senior official to coordinate 5G policy across federal agencies. The chairman and ranking member of Senate committees dealing with intelligence, foreign relations, defense and homeland security all signed the letter. U.S. officials have long fretted that Chinese telecommunications companies like Huawei are in prime position to shape 5G deployments around the world. Those networks, which promise much faster connectivity, would be ripe for Chinese […]

Antivirus companies, anti-abuse nonprofits join forces to combat stalkerware

An array of businesses and nonprofits are stepping up their efforts to counter “stalkerware,” the surveillance software that has been linked with domestic abuse. The Coalition Against Stalkerware, unveiled Tuesday, comprises antivirus companies Avira, Kaspersky, and Malwarebytes; digital rights group Electronic Frontier Foundation; and organizations such as the National Network to End Domestic Violence. The initiative draws attention to shady mobile apps that are advertised to monitor workplaces or children but are often used by abusive spouses or partners. The cybersecurity industry has traditionally not flagged such apps as malicious, but there is a growing effort to do so. For now, the coalition is offering its website to educate the public on stalkerware and to exchange ideas on ethical software development. Organizers are aiming to grow the coalition into a forum for law enforcement, corporations, and nonprofits to collaborate in countering stalkerware. The coalition’s website will also offer a list […]

Klobuchar to voting vendors: Don’t turn your back on good hackers when setting up a CVD program

After years of getting pummeled by critics for not embracing ethical hacking, the country’s biggest voting equipment vendors took a big step in that direction in September. They asked the cybersecurity community for ideas on how to set up a process through which researchers could flag software flaws for vendors to fix. Companies that specialize in coordinated vulnerability disclosure (CVD) programs like Bugcrowd and Synack responded to the request for information. But the usual suspects weren’t the only entities to submit ideas. A Democratic presidential candidate and one of the most outspoken voices in the Senate on election security also chimed in. In a four-page letter to the industry association establishing the CVD program, Sen. Amy Klobuchar, D-Minn., advised the voting-gear vendors to ditch their reservations about working with unvetted researchers, pay close attention to their supply chains, and set a timeline for getting software bugs fixed. “[V]oting system manufacturers […]

APT33 has used botnets to infect targets in the U.S. and Middle East, researchers say

An Iranian government-linked hacking group has in the last year been using small clusters of hijacked computers to infect a handful of targets that include a U.S. national security firm and a university, researchers said Thursday. The Iranian group, dubbed APT33, is using the botnets — groups of computers commandeered by attackers — in “extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia,” cybersecurity company Trend Micro said. Botnets are often comprised of a large number of machines. But in this case, the Iranian hackers are using just a dozen computers per botnet to deliver their malware and get persistent access on a network, according to the researchers. The Iranian hackers also set up their own virtual private network with “exit nodes” that change frequently, Trend Micro said. The researchers say they have been tracking those VPN nodes for over a year, but the group has […]

Misconceptions hinder threat-sharing with government, DHS official says

Misconceptions from the private sector about the risks of sharing data with the government are still a hurdle when it comes to cyberthreat exchange programs, a Department of Homeland Security official said Thursday. “I don’t think there are any risks to [sharing cyberthreat information] with the federal government; I think that there are potentially some perceived risks,” said Rick Driggers, an official at DHS’s Cybersecurity and Information Security Agency (CISA). “I’ve heard that there are a lot of private-sector companies that don’t necessarily want to give information to the federal government,” Driggers said at the Workforce Summit produced by FedScoop. “And I totally get that.” Concerns from private-sector organizations about sharing data with the government include that companies could expose themselves to litigation or reveal sensitive corporate information. That is despite a 2015 federal law that gives firms legal cover to share that data. CISA touts its ability to be […]

‘GridEx’ offers stiff security test for an industry that welcomes the challenge

Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test. The GridEx simulation, which begins Wednesday, is “purposely designed to overwhelm even the most prepared organizations” so they can improve their resiliency, said Matt Duncan, an official at the North American Electric Reliability Corp., which runs the drill. Exercise participants won’t need any reminders that, in the last four years, malicious hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure companies work to prevent such disruptive attacks from hitting them. Participants, which will also include natural gas companies […]

UK’s Labour Party says it has repelled a DDoS attack

The United Kingdom’s Labour Party says it has fended off a large distributed denial-of-service attack on the party’s digital platforms as it prepares for a general election. Labour leader Jeremy Corbyn said the attack occurred on Monday, calling it “very serious,” and potentially “a sign of things to come.” There was no indication that any Labour Party data had been compromised, he said. “The attack was actually repulsed because we have an effective, in-house-developed system by people within our party,” Corbyn told reporters Tuesday. A DDoS attack floods servers with junk traffic in an attempt to knock them offline. It is a brute-force measure that election officials around the world will have to be mindful of as they look to keep digital platforms that inform voters online. It was not immediately clear who was responsible for the DDoS attack. Corbyn said an investigation was ongoing and that his party had […]

Microsoft says it will apply California privacy law across the country

Microsoft on Monday said it would apply the privacy protections stipulated in a relatively stringent California law to customers across the U.S. in an effort to push other states to adopt similar measures. “We are optimistic that the California Consumer Privacy Act [CCPA] — and the commitment we are making to extend its core rights more broadly — will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.,” Julie Brill, Microsoft’s chief privacy officer, wrote in a blog post. The CCPA, which will take effect Jan. 1, 2020, gives Californians the right to know the personal data companies are collecting on them, and the ability to stop that data from being sold to third parties. The law is controversial. An independent assessment warned that complying with the law would initially cost companies $55 billion. The Internet Association, a trade group of big tech companies that includes […]
