Federal cyber chief: Supply chain security against foreign influence needs work

Although the U.S. government is working to prevent foreign telecommunications firms like Huawei from building 5G networks in the U.S. and abroad, there are still few answers on how to secure the government’s technology supply chain, according to federal Chief Information Security Officer Grant Schneider. “Could [a company] come under the influence of a foreign adversary in any way shape or form? Is there quality where we need it to be? … How do we ensure their supply chain and the parts that they’re taking in and putting inside their box are actually the parts they’re expecting?” Schneider said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “I don’t think we have an answer on what are the solutions to all those [questions.]” The administration also isn’t clear yet on whether the government itself should be assessing which contractors are meeting requirements, or whether that assessment should be completed elsewhere, according to Schneider. “As we look at […]

The post Federal cyber chief: Supply chain security against foreign influence needs work appeared first on CyberScoop.

How the Marine Corps thinks about beating adversaries in cyberspace

There are a whole host of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts — but there’s one part of defending against spearphishing in particular the U.S. Marine Corps Forces Cyberspace Command’s Chief Technology Officer endorses: context. For Renata Spinks, the goal is not to just make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday. “Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.” Spearphishing emails often seek to pilfer off passwords and credentials from victims who click on links or attachments that purport […]

FBI assesses Russian apps may be counterintelligence threat

All mobile apps developed by Russian entities may be counterintelligence threats to the United States, the FBI has assessed in a letter sent to the Senate’s minority leader. “The FBI considers any mobile application or similar product developed in Russia … to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia’s borders,” Jill Tyson, the assistant director for the FBI’s office of congressional affairs, wrote in a letter to Sen. Chuck Schumer, D-NY, that CyberScoop obtained. The bureau’s concerns about Russian counterintelligence operations come in response to an inquiry Schumer sent to the FBI this summer about whether Americans’ data on FaceApp was being provided to the Kremlin. The FBI has assessed that the Russian photo-aging app, which became a viral sensation earlier this […]

Trend Micro finds new mobile malware masquerading as a chat app

A new kind of mobile malware that can steal victims’ personal information, including files and location data, is hidden under the guise of a chat app, according to new research from Trend Micro. Since May, the new mobile malware, which Trend Micro dubs CallerSpy, has appeared on multiple occasions on a phishing site http://gooogle[.]press imitating apps such as Chatrious and Apex App. All users have to do to get infected is click the download button on the site, and then the spyware monitors for commands from the attackers’ command and control server. It appears to only target Android users for now, according to Trend Micro. The company has not discovered any victims, according to its research. CallerSpy, which Trend Micro assesses is a targeted espionage campaign, can collect call logs, text messages, contacts, and files from victims. It can also take screenshots and send them back to the command […]

NSA contractor indicted for fudging timesheet

A contractor who has been working at the National Security Agency since 2017 has been charged with five counts of falsifying her timesheet, according to an indictment filed in the U.S. District Court of Maryland. The contractor, Melissa Heyer, allegedly filed hours claiming to have been working in a sensitive compartmented information facility (SCIF), meant to function as a highly classified work environment, when she was actually elsewhere. She allegedly filed these false claims on five separate occasions between May 2017 and July 2018. The false work Heyer claimed to have completed amounted to the government paying her and her company $100,000 in all, the indictment claims. The wages she falsely claimed to have earned amount to more than $7,000, according to the indictment. It wasn’t immediately clear if Heyer had admitted to the allegations in a review of her activity, or whether she denied or sought to cover it […]

Improve controls on classified information, inspector general tells U.S. intelligence community

The federal government should do more to protect its most sensitive information from potentially being deleted or leaked by insiders, according to a new report from the intelligence community inspector general (ICIG). The Office of the Director of National Intelligence (ODNI) must “improve controls to efficiently and effectively manage and mitigate the risk that a trusted privileged user could inappropriately access, modify, destroy, or exfiltrate classified data,” the intelligence community inspector general, Michael Atkinson, writes in the report. The potential for trouble extends even to classified information that is restricted to a trusted few at the ODNI, the report says. The ICIG’s specific recommendations about how to address the issue, of course, are classified. The semiannual report, released Tuesday, details a number of ongoing intelligence community programs and audits meant to boost the cybersecurity of the ODNI and the intelligence community writ large, among them projects on overhauling the security clearance process and efforts […]

Trump’s national security adviser warns Canadians against Huawei 5G tech

A top White House official warned Canadians this weekend against allowing China-based Huawei to help in building out Canada’s next generation 5G telecommunications networks. “The technology allows China to put together profiles of the most intimate details, intimate personal details, of every single man, woman and child in China,” President Donald Trump’s national security adviser, Robert O’Brien, said at the Halifax International Security Forum, according to CBC News. “When they get Huawei into Canada or other Western countries, they’re going to know every health record, every banking record, every social media post; they’re going to know everything about every single Canadian,” O’Brien said. Given that China has a law that would require Chinese companies to yield to Chinese intelligence agencies’ requests, the Trump administration and lawmakers are concerned that Beijing could use Huawei and other Chinese-based companies for spying. O’Brien threatened that Canadian-U.S. intelligence-sharing could be affected if Canada goes through […]

Here’s what Pete Buttigieg’s campaign CISO is worried about

Although the 2020 presidential race has become more crowded in recent weeks, Mick Baccio — the chief information security officer for Democratic presidential candidate Pete Buttigieg’s campaign — isn’t concerned. Baccio may be the only person on the South Bend, Indiana, mayor’s staff that isn’t worried about former Massachusetts Gov. Deval Patrick, Sen. Elizabeth Warren, former Vice President Joe Biden or any of the other candidates. For him, the competition is foreign adversaries trying to hack into Buttigieg’s campaign infrastructure. “I don’t do politics. I’m just learning how the caucus works,” Baccio said during remarks at CYBERWARCON, a cybersecurity conference held Thursday in Arlington, Virginia. “I don’t care if it’s left or right, I care if it’s Russian or Iranian [intrusions]. That’s who I really [care about,] that’s the competitor.” His ultimate goal is making sure Buttigieg’s campaign doesn’t fall victim to the same intrusions that Hillary Clinton’s presidential campaign […]

Pentagon’s next cyber policy guru predicts more collective responses in cyberspace

State-sponsored cyberattacks against just one victim nation at a time could soon provoke a global response, if a growing number of officials around the world have their way. As the Pentagon has experimented with new authorities allowing U.S. Cyber Command to be more offensive in cyberspace, key officials have suggested there is a groundswell of support for multi-nation countermeasures in the digital age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for cyber policy, told CyberScoop that alliances could be a more successful way to deter hackers and strike back when they infiltrate sensitive networks. “I think that’s a more effective way to solve the problem, and I think that is the general [direction] of international law,” said Wingfield, who is still employed at National Defense University. “But I would also say we’re not there yet and states are in the process of moving international law in that direction.” For months now, the U.S. […]

The U.N. passed a resolution that gives Russia greater influence over internet norms

A cybercrime-focused resolution backed by Russia was passed Monday in the United Nations in New York, despite calls from the U.S. that the measure would further hamper efforts to root out crime on the internet. The resolution, which passed 88-58 with 34 abstentions, aims to establish a group to examine cybercrime and set up a convention to prevent it. However, human rights groups have argued that the resolution is actually an effort by the Kremlin to expand its model of state-backed internet control. In particular, the resolution calls for a check on the “use of information and communications technologies for criminal purposes.” Which activities it aims to curb exactly is unclear. Thirty-six rights groups argue in a letter that the resolution is so vague that it could lead to the criminalization of ordinary online activities that journalists, human rights groups, and other members of civil society rely on, such as using encrypted chat […]
