Sean Lyngaas – Page 60 – WindowsTechs.com

VMware announces plans to acquire Carbon Black for $2.1 billion

Posted on August 22, 2019 by Sean Lyngaas

Enterprise software giant VMware on Thursday said it would acquire endpoint security company Carbon Black in a move to bolster its security offerings and ability to detect advance cyberthreats. The all-cash transaction will be for $21 a share for a total enterprise value of $2.1 billion. VMware, a roughly 24,000-person company based in Palo Alto, California, sells hypervisors and other virtualizing technologies to corporations and to federal agencies. Carbon Black, which went public last year, uses cloud computing to analyze and defend against threats to endpoints like mobile devices. VMware CEO Pat Gelsinger called the acquisition a “huge step forward in security” that will allow his firm to deliver “an enterprise-grade platform to administer and protect workloads.” “The current cybersecurity industry is simply broken and ineffective,” Gelsinger asserted in an investor call touting the acquisition. He made the case that the acquisition of Waltham, Massachusetts-based Carbon Black would give VMware greater visibility […]

The post VMware announces plans to acquire Carbon Black for $2.1 billion appeared first on CyberScoop.

Continue reading VMware announces plans to acquire Carbon Black for $2.1 billion→

U.S. charges five in scheme to swindle millions from military personnel

Posted on August 21, 2019 by Sean Lyngaas

The U.S. Department of Justice on Wednesday announced the indictment of three Americans, an Australian, and a South Korean for their alleged involvement in a plot to steal millions of dollars from current and former American military personnel. The scheme targeted thousands of people, many of whom were elderly or disabled, and involved the compromise of a U.S. Defense Department portal that military members use to access their benefits online, law enforcement officials said. Robert Wayne Boling Jr., Frederick Brown, Trorice Crawford, Allan Albert Kerr, and Jongmin Seok were charged with multiple counts of conspiracy, wire fraud, and aggravated identity theft. Three of the accused were arrested in the Philippines, while the other two were apprehended in the U.S. Lawyers for the defendants could not be reached for comment. The fraud operation allegedly began in 2014, when one defendant, Brown, was working as a “medical records technician” at a U.S. Army base […]

The post U.S. charges five in scheme to swindle millions from military personnel appeared first on CyberScoop.

Continue reading U.S. charges five in scheme to swindle millions from military personnel→

Chinese spies have their sights on cancer research

Posted on August 21, 2019 by Sean Lyngaas

After China’s cancer rate surged in recent years, Chinese authorities went looking for an answer to the problem. They appear to have found a useful tool in the country’s cyber capabilities. Over the last two years, Chinese government-linked hackers have targeted organizations involved in cancer research on multiple occasions, cybersecurity company FireEye said in a report published Wednesday. In at least one case, more than one group has gone after the same organization — evidence of a relentless pursuit of research data. “It makes sense when you look at the larger context that China’s operating in,” said Luke McNamara, principal analyst at FireEye, referring to the cancer scourge in China and the resulting social costs. In one incident in April, Chinese hackers targeted a U.S.-based cancer research organization with a malware-laced document referencing a conference the organization hosted. A year earlier, the newly-named Chinese hacking outfit APT41 spearphished employees of […]

The post Chinese spies have their sights on cancer research appeared first on CyberScoop.

Continue reading Chinese spies have their sights on cancer research→

As homomorphic encryption gains steam, experts search for standards

Posted on August 20, 2019 by Sean Lyngaas

Encryption has always been a battle line in cyberspace. Attackers try to break it; defenders reinforce it. The next front in that struggle is something known as homomorphic encryption, which scrambles data not just when it is at rest or in transit, but when it is being used. The idea is to not have to decrypt sensitive financial or healthcare data, for example, in order to run computations with it. Defenders are trying to get ahead of attackers by locking down data wherever it lies. The latest step in homomorphic encryption’s decade-long journey from dream to adoption was a standards meeting over the weekend of representatives from Google, Intel, and Microsoft, along with academics from around the world. While previous meetings focused on the specifics of algorithms, this fourth meeting included more talk of pursuing homomorphic encryption standards at a handful of global bodies, according to Intel’s Casimir Wierzynski, who […]

The post As homomorphic encryption gains steam, experts search for standards appeared first on CyberScoop.

Continue reading As homomorphic encryption gains steam, experts search for standards→

Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs

Posted on August 15, 2019 by Sean Lyngaas

Voting-equipment vendors expressed interest Thursday in establishing a program for the coordinated disclosure of hardware and software vulnerabilities in their equipment — a practice common in other industries and long championed by security experts. An industry group offered support for a voluntary coordinated vulnerability disclosure (CVD) process that collaborates with ethical hackers to fix equipment flaws faster. The move comes as some security researchers and policymakers have criticized the industry’s big vendors for being slow to embrace ethical hacking. The commitment to work with “good-faith researchers marks a significant turn in industry-wide thinking,” says a white paper issued by the Elections Industry-Special Interest Group (EI-SIG), part of the IT-Information Sharing and Analysis Center. The group includes the country’s three largest vendors — Dominion Voting Systems, Election Systems & Software (ES&S), and Hart InterCivic. Perhaps the biggest challenge to establishing a CVD program will be aligning it with a federal testing and certification system — […]

The post Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs appeared first on CyberScoop.

Continue reading Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs→

Microsoft patches two critical vulnerabilities comparable to BlueKeep

Posted on August 13, 2019 by Sean Lyngaas

Microsoft on Tuesday released fixes for two critical vulnerabilities in a popular Windows program that could allow hackers to remotely execute code on machines that would let them install their own programs, delete or alter data, or set up their own user accounts. The vulnerabilities are “wormable,” meaning that malware exploiting them could be used to move between vulnerable computers without user interaction. That puts them in the same category as another serious Windows flaw, BlueKeep, which was announced in May, and the vulnerability exploited in the 2017 WannaCry ransomware outbreak. Like BlueKeep, which many users have not patched, the latest vulnerabilities are in Remote Desktop Services, a Windows program that grants remote access to computers for administrative purposes. WannaCry, which the U.S. government says was the work of North Korean hackers, caused billions of dollars in damage while infecting computers in 150 countries. There is no public documentation of BlueKeep being exploited in the wild, but […]

The post Microsoft patches two critical vulnerabilities comparable to BlueKeep appeared first on CyberScoop.

Continue reading Microsoft patches two critical vulnerabilities comparable to BlueKeep→

DEF CON Voting Village matures as industry keeps its distance

Posted on August 12, 2019 by Sean Lyngaas

The third annual Voting Village at the DEF CON hacking conference was a little different than years past. There were more machines to play with and more election personnel wandering around. And nobody publicly cursed out state officials or vendors. Attendees seemed buoyed by the fact that they were helping secure the 2020 election, which U.S. officials warn will again draw foreign interference attempts. “We have more people who are comfortable, immediately wanting to rip things apart and see how they work,” cryptologist Matt Blaze said with satisfaction. He was taking a rest in the corner of the village — a room in Las Vegas’ Planet Hollywood hotel littered with voting equipment — from the exertions of helping organize the gathering. “We don’t care if you break anything, as long as you’re doing it in an interesting way,” Blaze, a professor at Georgetown University, told CyberScoop. Across the room was Stephen Crane, […]

The post DEF CON Voting Village matures as industry keeps its distance appeared first on CyberScoop.

Continue reading DEF CON Voting Village matures as industry keeps its distance→

Feds plan to use SecureDrop as a vulnerability reporting portal

Posted on August 9, 2019 by Sean Lyngaas

The U.S. government is experimenting with a secure and anonymous portal for reporting software vulnerabilities to encourage closer collaboration with ethical hackers. The initiative is a recognition of the lingering reluctance that some security researchers have felt in flagging bugs for federal officials, despite a longstanding program run by the Department of Homeland Security. The project would use SecureDrop, the open-source software that some news organizations rely on for anonymous tips, to submit vulnerability information. It is aimed at the tinkerers and hackers who, out of fear – whether founded or not – of legal repercussions, do not report the bugs they find. “We don’t know how many people are withholding [vulnerabilities]….or monetizing because they have no other avenue” to report them, said Jeff Moss, a backer of the project and the founder of the DEF CON hacking conference, where the initiative was announced Friday. The plan is for DEF […]

The post Feds plan to use SecureDrop as a vulnerability reporting portal appeared first on CyberScoop.

Continue reading Feds plan to use SecureDrop as a vulnerability reporting portal→

Meet APT41, the Chinese hackers moonlighting for personal gain

Posted on August 7, 2019 by Sean Lyngaas

Members of a Chinese-state-sponsored hacking group have been using their skills to enrich themselves for years in operations targeting the gaming industry, cybersecurity company FireEye announced Wednesday. By day, the group, dubbed APT41, conducts espionage in the health care, telecommunications, and education sectors, FireEye said. By night, those same hackers have manipulated virtual currency in the gaming sector and, in one case, tried to deploy ransomware, to line their pockets. In a first for China-based group, the company said, the hackers are using malware typically reserved for spying for personal gain. “Their aggressive and persistent operations for both espionage and cybercrime purposes distinguish APT41 from other adversaries and make them a major threat across multiple industries,” said Sandra Joyce, FireEye’s senior vice president of global threat intelligence. APT41’s unveiling comes as the U.S. and China are locked in a bitter trade dispute, and after years of U.S. officials alleging that the […]

The post Meet APT41, the Chinese hackers moonlighting for personal gain appeared first on CyberScoop.

Continue reading Meet APT41, the Chinese hackers moonlighting for personal gain→