NSA to establish new Cybersecurity Directorate to boost defense

The National Security Agency is creating a cybersecurity directorate to better protect the country against cyberthreats from foreign adversaries, an NSA spokesperson told CyberScoop. Anne Neuberger will be the intelligence agency’s first director for cybersecurity, a decision NSA Director Gen. Paul Nakasone is expected to make public Tuesday in New York City at the International Conference on Cyber Security. The directorate is slated to be operational Oct. 1 of this year, the spokesperson said. The move is intended to allow the NSA — which is part of the U.S. military — to better provide information gleaned from signals intelligence to agencies and the private sector in order to protect national critical infrastructure, an NSA spokesperson said. “It’s a major organization that unifies our foreign intelligence and our cyberdefense mission, and it’s charged with preventing and eradicating threats to national security systems and the defense industrial base,” the official told CyberScoop. Civilian agencies — such as the Department of […]

The post NSA to establish new Cybersecurity Directorate to boost defense appeared first on CyberScoop.

Former NSA contractor sentenced to 9 years for theft of government info

Former NSA contractor Harold T. Martin was sentenced Friday to 9 years in prison for his role in a massive theft of classified documents. Martin was responsible for one of the largest leaks of U.S. government secrets, after it was found that the former NSA contractor possessed up to 50 terabytes of classified government documents he collected over the course of two decades. Judge Richard Bennett’s sentence falls short of the maximum number of years Martin previously faced — 10 years for each of the 20 counts against him — for unauthorized and willful retention of national defense information. However, the sentence aligns with the plea agreement his public defenders reached with the U.S. government. The U.S. attorneys said his theft called for “significant” prison time, according to the government’s sentencing memorandum, which CyberScoop obtained. “The exceptionally grave nature and circumstances of the defendant’s criminal conduct call for a significant […]

10,000 Microsoft customers targeted by nation-state attacks in the last year

Microsoft has notified 10,000 customers in the past year that they have been the targets of nation-state cyberattacks — some of which were successful — from Iran, North Korea, and Russia, Microsoft announced Wednesday. “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” Tom Burt, corporate vice president of customer security & trust at Microsoft, wrote in a blog post on the matter. Microsoft has tied the attacks to a group linked with Iran broadly known as APT 33, to a group from North Korea known as APT 38, and to two groups linked with Russia, APT 28 and APT 29, which Microsoft dubs Strontium and Yttrium respectively. APT 28 was behind the intrusions at the Democratic National Committee. Some of the attacks observed appear to be related to U.S. politics and […]

FaceApp isn’t taking all of your photos, but the privacy concerns are very real

Using FaceApp to figure out how you’ll look when you’re old and wrinkly may be the viral sensation of the week, but that fun may not be worth it once you look at the fine print. Users don’t have to explicitly click on any user agreement and aren’t forced to read through FaceApp’s privacy policy before using it, but when users apply “old” filters to their photos, they are giving FaceApp license to display their photos worldwide as well as access to location data, according to the fine print. The app does not appear to be uploading users’ full camera rolls in the background, however, as software developer Joshua Nozzi incorrectly claimed on Twitter. After downloading the app, users are prompted with an option to have FaceApp access their camera rolls. This is done so they can select photos to modify with the app. When users select a photo, the app uploads […]

U.S. Cyber Command simulated a seaport cyberattack to test digital readiness

When U.S. Cyber Command simulated a cyberattack against a seaport last month, military personnel hunted for adversaries who appeared to be using malware against a critical trade hub in an updated version of its annual exercises. The annual weeklong test, known as “Cyber Flag,” is meant to help cyber staffers better defend against critical infrastructure cyberattacks, military commanders involved in the exercise told reporters in a briefing Tuesday. By imitating a cyberattack that blocked the seaport’s ability to move cargo, potentially affecting international trade, military leaders tested their readiness for a real-world attack, and looked for ways to improve their response. The simulation also included officials from throughout the U.S. government and from allied partners to emphasize stronger coordination. “Cyber Flag is the command’s annual tactical exercise series that features teams working on keyboard against a live opposing force,” said Rear Adm. John Mauger, Cyber Command’s director of exercises and training. “The environment is really […]

Trump’s Pentagon pick ‘confident’ in 2020 election security

Defense secretary nominee Mark Esper told the Senate Armed Services Committee on Tuesday that although there is still work to be done, he is confident in the security of the 2020 presidential elections. “We are more and more confident that the 2020 elections will be unfettered,” Esper said. “But we always will have a lot of work to do because people will always want to influence our elections.” The 2020 elections remain a target of state and non-state cyber actors, a senior intelligence official told reporters last month in a briefing. Esper, who has been serving as secretary of the U.S. Army since 2017, highlighted U.S. Cyber Command’s capabilities while discussing election security. Efforts made in the buildup to the 2018 midterm elections left the U.S. with an improved posture compared with years prior, he said. Some of the command’s efforts to defend the midterm elections in 2018 included deploying soldiers to […]

Congressional pressure builds for White House to share classified cyber authorizations

Almost one year after President Donald Trump issued a classified memorandum that has made it easier for the Pentagon to run offensive cyber-operations against U.S. adversaries, lawmakers still haven’t seen the details of the memorandum, and they want the White House to change course. Thursday evening the House of Representatives added a provision to the National Defense Authorization Act that would compel the White House to turn over the memorandum as well as any others relating to the Pentagon’s cyber-operations. The amendment was part of an “en bloc” package, meaning both sides accepted it by voice vote without debate, signaling to the White House just how much interest there is — on both sides of the aisle — in allowing the legislative branch to see the memorandum. Part of the concern is that with increased authorizations to run offensive operations against adversaries, the administration runs the risk of escalating tensions with adversaries in cyberspace without proper Congressional oversight, […]

FEC approves anti-spearphishing service for campaigns at low cost

The Federal Election Commission approved a request Thursday from an anti-spearphishing company, deeming it permissible for the security vendor to provide its services to campaigns and political parties at a discount without violating campaign laws. The FEC expressed trepidation last month over whether it could approve the request from a company, Area 1 Security, to provide low or no cost services to campaigns. A debate stemmed from FEC concerns that a security firm, by offering a markdown on normally expensive services to campaigns, could inappropriately curry favor with lawmakers. This decision is one in a series of approvals the FEC has issued in recent months as it recognizes the serious threat foreign adversaries pose to U.S. elections. “Area 1 has cleared the way for candidates to arm themselves with the best technology available to protect against a repeat of the disastrous cyber-intrusions in prior election cycles,” Dan Petalas, outside counsel for Area 1, told CyberScoop. Area 1 now has […]

Why Cyber Command’s latest warning is a win for the government’s information sharing efforts

When U.S. Cyber Command warned last week that a hacking group was using a Microsoft Outlook vulnerability previously leveraged by an Iran-linked malware campaign, it appeared to be signaling just how much the military knows about those operations. But the alert was significant in other ways: behind-the-scenes details uncovered by CyberScoop show that it is an example of how the U.S. government has built up its use of the information-sharing platform VirusTotal so the private sector gets more information sooner. Along with Cyber Command’s warning, which also was shared in a tweet, the Department of Homeland Security (DHS) released its own private warning to industry, CyberScoop has learned. The department’s traffic light protocol (TLP) alert covered the same threat that Cyber Command would eventually post to VirusTotal. In going public with the malicious files, Cyber Command appears to have revealed new information about how Iran-linked actors leveraged another malware family, known as Shamoon, as recently as 2017, according to Chronicle, which owns VirusTotal. Not only is it […]

Need more evidence that IoT security is a big deal? Here’s what NIST has to say

If your organization isn’t thinking about internet of things (IoT) security, it could soon face a rude awakening, according to the influential agency that sets cybersecurity standards for the federal government. The widespread adoption of internet-connected devices will make it more difficult to patch security vulnerabilities, open new avenues for cyberattacks and muddle the visibility into security incidents when they do occur, researchers at the National Institute of Standards and Technology warn in a paper published Wednesday. The agency recommends that organizations identify the IoT capabilities of the devices on their networks and adjust their risk management processes accordingly. NIST guidance, while expressly aimed at federal agencies, also is widely adopted throughout the private sector. The new document adds to work that the agency did in its globally popular Cybersecurity Framework. NIST notes that some of the advantages of IoT technology are also vulnerabilities. While automatic patching, for instance, is generally considered essential for traditional IT, that strategy could “have far […]
