Author Archives: Shannon Vavra

Twitter introduces banner debunking voter misinformation

Posted on by

Twitter launched a feature on its platform Monday that seeks to debunk misinformation about voting in a last minute effort to inform users of weaponized information operations. The feature, which appears as a a banner that greets Twitter users at the top of their feeds, already had a message for American voters Monday: People are spreading misinformation about election fraud and voting by mail. “You might encounter misleading information about voting by mail,” the banner reads. “Election experts confirm that voting by mail is safe and secure, even with an increase in mail-in ballots. Even so you might encounter unconfirmed claims that voting by mail leads to election fraud ahead of the 2020 US elections.” President Donald Trump has claimed without evidence that voting by mail is linked with fraud, when in reality mail-in ballot fraud-related cases are extremely rare. The announcement of the Twitter feature is just the latest effort from social […]

The post Twitter introduces banner debunking voter misinformation appeared first on CyberScoop.

Continue reading Twitter introduces banner debunking voter misinformation

Pentagon’s initiative for Black cyber students met with cautious optimism

Posted on by

Not everyone in the cybersecurity community is entirely optimistic about a new U.S. military program meant to extend educational resources to historically Black colleges and universities. For years, the Department of Defense has worked to extend cybersecurity resources to historically Black colleges and universities (HBCUs). A new initiative meant to improve access to cybersecurity resources at HBCUs and Minority Serving Institutions, though, is being met with some skepticism among prominent cyber practitioners and educational advocates. Backed by the National Security Agency and the Pentagon’s Office of Small Business Programs, the goal is to connect Black and minority universities with other colleges that already meet NSA cybersecurity curriculum standards. The aim is to share resources, such as labs and range time, and advice on curriculum development. The effort, known as the Cybersecurity Education Diversity Initiative (CEDI), also allocates $300,000 available for internships, the Pentagon said. “A lot of these programs almost end up being lip service,” said Camille Stewart, who […]

The post Pentagon’s initiative for Black cyber students met with cautious optimism appeared first on CyberScoop.

Continue reading Pentagon’s initiative for Black cyber students met with cautious optimism

Global cyber community can do more to stop state-sponsored malware, EFF researcher says

Posted on by

When it comes to defending against foreign cyber powers, many U.S. national security experts tend to hype up countries with powerful hacking capabilities, such as China, Iran, Russia, and North Korea. Regarding state-sponsored malware campaigns, though, the security community needs to dig deeper, says Cooper Quintin, a security researcher and programmer at the Electronic Frontier Foundation. “We’ve found lots of countries now are starting to get hacking programs. It’s a lot of countries you wouldn’t expect,” Quintin said Friday during CyberTalks, a virtual event produced by Scoop News Group. “We’ve seen state-sponsored malware coming out of Kazakhstan, Lebanon, Morocco, Ethiopia, and all sorts of countries that haven’t previously been well known for their hacking capabilities.” The countries themselves haven’t necessarily developed hacking capabilities, though they appear to be outsourcing cyber-operations to third parties, or shopping around for commercial hacking tools in an effort to mask government involvement, according to Quintin. The government of Kazakhstan, for […]

The post Global cyber community can do more to stop state-sponsored malware, EFF researcher says appeared first on CyberScoop.

Continue reading Global cyber community can do more to stop state-sponsored malware, EFF researcher says

Why the US was so fast to blame Iran for voter intimidation emails in Florida

Posted on by

By trying to quickly resolve concerns about an apparent Iranian influence operation, and bolster Americans’ confidence the country’s electoral process, U.S. officials have sparked an entirely new set of questions: Why were they able to connect Iran to the attack so quickly, and how? During a briefing announced to reporters 10 minutes before it began Wednesday, John Ratcliffe, the director of national intelligence, said the U.S. government had determined Iran was behind an email campaign meant to intimidate American voters. Neither Ratcliffe nor FBI Director Christopher Wray, who was also at the briefing, provided any technical evidence to support the allegation that the emails, purported to be sent by the Proud Boys as threats to Democratic voters in Florida to vote for President Donald Trump, in fact were sent by Iranian attackers. The disclosure came quickly after Motherboard on Tuesday reported on a surge of suspicious emails that seemed to use technical means to try to hide their […]

The post Why the US was so fast to blame Iran for voter intimidation emails in Florida appeared first on CyberScoop.

Continue reading Why the US was so fast to blame Iran for voter intimidation emails in Florida

US blames Iran for threatening emails sent to Florida voters

Posted on by

Iran is been behind a series of intimidating emails sent to registered Democratic voters in Florida in recent days, the U.S. government has assessed. The emails, which appeared to be sent by the Proud Boys, a designated hate group supportive of President Trump, threatened voters to “Vote for Trump or else!” as Motherboard first reported. “You will vote for Trump on Election Day or we will come after you,” said some of the emails received by registered Democrats. The series of messages were “spoofed” as part of an influence campaign aimed at interfering in the U.S. election, American officials said. Voters in Alaska and Pennsylvania have also received emails like those received in Florida, according to The Washington Post. “We have already seen Iran sending spoofed emails designed to intimidate voters, incite social unrest,” Director of National Intelligence John Ratcliffe said during a press conference Wednesday. “You may have seen some reporting on this in the […]

The post US blames Iran for threatening emails sent to Florida voters appeared first on CyberScoop.

Continue reading US blames Iran for threatening emails sent to Florida voters

DOJ efforts to weaken encryption place national security at risk, congressman says

Posted on by

Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data: This is a power grab. The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects who use encryption to hide illegal behavior. For Khanna, a California Democrat, the tradeoff is too dangerous. Legislation that enables law enforcement to crack strong security measures in order to root out some criminals, while also but leaving other people’s communications exposed, just is not worth it, he said Wednesday during CyberTalks, a virtual event produced by CyberScoop. “What I worry about is at a time where we already have an imbalance between the power of the U.S. government and the power of corporations and the individual, is it would shift more power to the tech companies and the government,” he said. “If you […]

The post DOJ efforts to weaken encryption place national security at risk, congressman says appeared first on CyberScoop.

Continue reading DOJ efforts to weaken encryption place national security at risk, congressman says

NSA warns defense contractors of recent Chinese government-backed hacking

Posted on by

U.S. defense contractors should be wary of Chinese government-backed hackers who are actively exploiting a multitude of known vulnerabilities to target — and successfully breach — victim networks, the National Security Agency said in an advisory Tuesday. The hackers are specifically going after 25 known vulnerabilities that primarily affect products used for remote access or for external web services, which the NSA lays out in detail in the advisory. Vulnerabilities the Chinese hackers are exploiting include those of Pulse Secure VPNs, which could allow attackers to steal victim passwords, as well as F5 Networks’ Big-IP Traffic Management User Interface, Windows Domain Name System servers, a series of flaws in Citrix ADC and Gateway devices, and several others. System administrators in the defense industrial base should immediately patch the vulnerabilities the Chinese hackers are exploiting, the NSA warned. “NSA is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently […]

The post NSA warns defense contractors of recent Chinese government-backed hacking appeared first on CyberScoop.

Continue reading NSA warns defense contractors of recent Chinese government-backed hacking

Anti-stalkerware group still working to protect domestic abuse victims

Posted on by

When it comes to stamping out the kind of surveillance software that domestic abusers use to spy on their romantic partners, there’s still a long way to go. Security firms, victim advocacy groups and anti-domestic abuse organizations combined forces roughly a year ago to bring an end to stalkerware, the kind of technology that people use to monitor their domestic partners’ devices. The group, known as the Coalition Against Stalkerware, has made progress in the past 12 months or so, though there’s still a long road ahead, said Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, one of the founding members of the coalition. The surveillance can be incredibly intrusive — stalkerware can monitor targets’ geolocation, texts, phone calls, cameras, and more — and especially during a pandemic, can be used to box in abuse victims and isolate them from external help and resources. Targets of stalkerware often aren’t aware […]

The post Anti-stalkerware group still working to protect domestic abuse victims appeared first on CyberScoop.

Continue reading Anti-stalkerware group still working to protect domestic abuse victims

NSA aims to boost Black students’ access to security education, paid internships

Posted on by

The National Security Agency and the Department of Defense announced an initiative on Thursday meant to increase access to cybersecurity education, mentoring and paid internships for students at historically Black colleges and universities. The workforce development program will connect students at eligible educational institutions with internships and mentorship through the Pentagon’s Office of Small Business Programs, officials said Thursday during a call with reporters. Students may also participate in exercises at the Maryland Innovation & Security Institute’s virtual cyber range, to gain hands-on technical training that will help them to later provide technical assistance to small businesses. Students may receive paid stipends during their internships, according to a Defense Department and NSA release. Exactly how much money the NSA and the Defense Department will reward to students was not immediately clear. Shannon Jackson, associate director of the Department of Defense’s Office of Small Business Program, said the Cybersecurity Education Diversity Initiative (CEDI), is meant to […]

The post NSA aims to boost Black students’ access to security education, paid internships appeared first on CyberScoop.

Continue reading NSA aims to boost Black students’ access to security education, paid internships

Barnes & Noble cyber incident could expose customer shipping addresses, order history

Posted on by

Barnes & Noble told customers it was the victim of a cyberattack that led to “unauthorized and unlawful access” of its corporate systems. Barnes & Noble didn’t detail the entire nature of the “cybersecurity attack” in its email Wednesday, but confirmed that customers’ shipping addresses, billing addresses, email addresses and phone numbers could have been exposed. Payment card information wasn’t compromised as a part of this incident, but customers’ order history may also be exposed, according to Barnes & Noble. “We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the bookseller said in its alert to customers. Customers’ access to Nook e-readers has also been interrupted, Barnes & Noble said on Twitter. It was unclear how many customers the incident impacted. Barnes & Noble did not disclose how it discovered the incident, only noting that it was “made aware” of it on Oct. 10. It’s […]

The post Barnes & Noble cyber incident could expose customer shipping addresses, order history appeared first on CyberScoop.

Continue reading Barnes & Noble cyber incident could expose customer shipping addresses, order history