Shannon Vavra – Page 42 – WindowsTechs.com

Elizabeth Warren wants to overhaul U.S. election security

Posted on June 25, 2019 by Shannon Vavra

Sen. Elizabeth Warren, D-Mass., released a plan focused on election security Tuesday that would replace every voting machine in the U.S. with “state-of-the-art” technology and require states to follow federal standards for federal elections. Warren, who is running for president, would replace outdated voting systems with voter-verified paper ballot machines, mandate voting equipment be paid for by the federal government, and require risk-limiting audits before elections take place. The proposal also makes the federal government responsible for election cybersecurity. “Our democracy is too important for it to be under-resourced and insecure,” Warren wrote in a post on Medium. “We have a solemn obligation to secure our elections from those who would try to undermine them.” Beyond requiring risk-limiting audits, Warren’s plan would add a condition for states seeking federal funding for elections administration. Among the conditions would be an examination of how states are making voting more convenient. “The federal […]

The post Elizabeth Warren wants to overhaul U.S. election security appeared first on CyberScoop.

Continue reading Elizabeth Warren wants to overhaul U.S. election security→

Russia’s trolling tactics are getting more elaborate

Posted on June 24, 2019 by Shannon Vavra

Facebook’s early May takedown of a Russian political disinformation operation was much larger than previously thought, according to research published this weekend by the Atlantic Council’s Digital Forensic Research Lab. The Russian-linked actors behind the campaign went well beyond just amplifying political narratives on Facebook, and in fact began much earlier by planting false stories and then later amplifying these fake stories using fake accounts. In one case, these Russian-linked actors impersonated Sen. Marco Rubio’s Twitter account in a tweet that made it look like he was disparaging Britain’s Government Communications Headquarters. Then-Defense Secretary of the UK Gavin Williams was also victim to a similar photoshop effort. One of the false stories that the Russian trolls created and amplified through fake accounts includes a storyline that a Spanish intelligence agency rooted out an anti-Brexit pilot to assassinate Boris Johnson. Johnson is now in the running to serve as the UK’s next prime minister. As many Russian-linked […]

The post Russia’s trolling tactics are getting more elaborate appeared first on CyberScoop.

Continue reading Russia’s trolling tactics are getting more elaborate→

NSA technical director: Iran-linked operations are about espionage, not destruction

Posted on June 22, 2019 by Shannon Vavra

Even as geopolitical tensions spike between Iran and the U.S. following an Iranian takedown of a U.S. drone, Iran-linked cyber-operations continue to focus on espionage and not necessarily destructive activities, a senior U.S. intelligence official says. David Hogue, the technical director for the National Security Agency’s Threat Operations Center, tells CyberScoop Iranian-linked hacking groups are focused on traditional intelligence gathering. “I think they’re trying to get more insights onto what U.S. policymakers are either knowledgeable of or think of them,” Hogue said in an interview with CyberScoop on Friday. The past year has enflamed geopolitical tensions between Iran and the U.S. following the Trump administration’s withdrawal from the Iran nuclear deal. In April, the Trump administration took the unprecedented step of declaring a branch of Iran’s military to be a terrorist organization. Just last week, the administration blamed Tehran for attacks on two oil tankers in the Gulf of Oman. The Pentagon subsequently announced increased […]

The post NSA technical director: Iran-linked operations are about espionage, not destruction appeared first on CyberScoop.

Continue reading NSA technical director: Iran-linked operations are about espionage, not destruction→

The NSA is experimenting with machine learning concepts its workforce will trust

Posted on June 21, 2019 by Shannon Vavra

As the U.S. National Security Agency incorporates machine learning and artificial intelligence into its defensive cyber operations, officials are weighing whether cyber operators will have confidence in the algorithms underpinning those emerging technologies. NSA operators want to say, “is my AI or ML system explainable?” Neal Ziring, NSA’s Technical Director for Capabilities, told CyberScoop Thursday. “Contexts where the AI is recommending an action is where that will be most important.” The intelligence agency still is exploring how machine learning, an automated method of data analysis, might be used to detect threats and protect new Internet of Things technology. Given the amount of information that agency employees need to sort through, machine learning could help prioritize tasks and decrease the amount of time employees spend on triage. The NSA aims to use machine learning and artificial intelligence, in which computers make their own decisions, to more efficiently stop threats, and eventually leverage those tools in offensive operations. But, if NSA workers don’t trust the […]

The post The NSA is experimenting with machine learning concepts its workforce will trust appeared first on CyberScoop.

Continue reading The NSA is experimenting with machine learning concepts its workforce will trust→

How secure is that .zip file? One senator is urging NIST to weigh in

Posted on June 19, 2019 by Shannon Vavra

Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet. “Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat writes in a letter obtained by CyberScoop. “This is because many of the software programs that create .zip files use weak encryption algorithms by default.” Part of Wyden’s concerns stem from the fact that although there are two common types of encryption options available for .zip files, people may be using the weaker option without realizing it. Those files are more vulnerable to password crackers, Wyden says, such as Advanced Archive Password Recovery. “Given the ongoing threat of cyber attacks by foreign state actors […]

The post How secure is that .zip file? One senator is urging NIST to weigh in appeared first on CyberScoop.

Continue reading How secure is that .zip file? One senator is urging NIST to weigh in→

Twitter scrubs nearly 5,000 accounts tied to state-backed information operations

Posted on June 13, 2019 by Shannon Vavra

Twitter said Thursday it has removed thousands of accounts associated with six state-backed disinformation campaigns from Iran, Russia, Venezuela, and Spain. The 4,946 accounts taken off the social media site engaged in malicious activity ranging from the amplification of political propaganda and the impersonation of American politicians, among other terms of service violations, the company said. Twitter has “reliably” linked the accounts with state-affiliated organizations, Yoel Roth, chief of site integrity, said in a blog post. But the takedowns also demonstrate how, even as Silicon Valley invests more resources into uncovering this kind of activity, governments still are exploiting Twitter’s influence. “We only disclose datasets associated with coordinated malicious activity that we are able to reliably associate with state-affiliated actors,” Roth wrote. The goal of sharing these campaigns is to enable researchers to further analyze disinformation so the world can better respond to it, especially as it relates to elections, he […]

The post Twitter scrubs nearly 5,000 accounts tied to state-backed information operations appeared first on CyberScoop.

Continue reading Twitter scrubs nearly 5,000 accounts tied to state-backed information operations→

Congress to take another stab at hack back legislation

Posted on June 13, 2019 by Shannon Vavra

The concept of “hacking back” — which has often been referred to as “the worst idea in cybersecurity” — has resurfaced again in Washington. Rep. Tom Graves, R-Ga., is reintroducing a bill Thursday that would allow companies to go outside of their own networks to identify their attackers and possibly disrupt their activities. While Graves has made previous attempts to legalize the practice, “hacking back” would currently be a violation of the Computer Fraud and Abuse Act. The CFAA, enacted in 1986, makes it illegal to access computers without authorization. Graves told CyberScoop the bill is necessary in part because companies are left without recourse when they are attacked. “Where do they turn — can they call 911? What do they do?” Graves said. “They have nowhere to turn.” The incentive to pass this bill, Graves says, also stems in part from the fact that there are no guidelines right now for companies that […]

The post Congress to take another stab at hack back legislation appeared first on CyberScoop.

Continue reading Congress to take another stab at hack back legislation→

Phishing kits are licensed, managed and pirated like any other legitimate software

Posted on June 12, 2019 by Shannon Vavra

Spearphishing schemes are pulling on practices from legitimate software companies in order to enhance the efficiency and distribution of their scams, according to new research published Wednesday. Akamai Principal Lead Security Researcher Or Katz, whose company sees thousands of new phishing pages each day, and has noticed phishing kit sellers are increasingly operating as if they were in the lawful commercial space. They are using “factory-like production cycle to target dozens of brands,” Katz, who has been analyzing the development of phishing kits since December last year, writes in the research. One phishing kit distributor Akamai has been tracking advertises kits that imitate a wide swath of websites, including Gmail, Amazon, Facebook, YouTube, GoDaddy, PayPal and Skype. “The threat posed by phishing factories isn’t just focused on the victims who risk having valuable accounts compromised and their personal information sold to criminals,” Katz writes. “These factories are also a threat to […]

The post Phishing kits are licensed, managed and pirated like any other legitimate software appeared first on CyberScoop.

Continue reading Phishing kits are licensed, managed and pirated like any other legitimate software→

U.S. ramping up offensive cyber measures to stop economic attacks, Bolton says

Posted on June 11, 2019 by Shannon Vavra

The U.S. is beginning use offensive cyber measures in response to commercial espionage, President Trump’s national security adviser, John Bolton, said Tuesday. “We’re now looking at — beyond the electoral context — a whole range of other activities to prevent this other kind of cyber interference … in the economic space, as well,” Bolton said while speaking at The Wall Street Journal’s CFO Network annual meeting. The U.S. faces many digital economic threats, including a particularly aggressive salvo from Beijing, which continues to steal intellectual property and conduct other cyber-espionage activities, according to the latest Pentagon assessment on Chinese military operations. The U.S. government traditionally has carried out offensive cyber operations in the electoral context, such as a 2018 Cyber Command operation that interrupted the internet access of a Russian organization that spread political disinformation on social media. Now, according to Bolton, American focus is expanding to deter the theft of IP. “We’re now opening the aperture, […]

The post U.S. ramping up offensive cyber measures to stop economic attacks, Bolton says appeared first on CyberScoop.

Continue reading U.S. ramping up offensive cyber measures to stop economic attacks, Bolton says→

House’s defense bill looks to protect Pentagon’s tech supply chain

Posted on June 11, 2019 by Shannon Vavra

The cybersecurity proposals in the House Armed Services Committee’s draft of the national defense bill for fiscal 2020 include provisions that would create new directives on the Department of Defense’s tech acquisitions and supply chain. Chairman Adam Smith’s mark of the National Defense Authorization Act (NDAA), issued Monday, seeks to prevent the DOD from acquiring foreign telecommunications and video surveillance equipment from companies that could pose security risks to the Pentagon. The provision effectively would ban or suspend contractors and subcontractors from doing business with not just the Pentagon but also the entire U.S. government, too. Chinese-based companies Huawei and ZTE, both of which have been under intense scrutiny by the Trump administration, are not directly named in the provision. The measure appears to align with an executive order the White House issued just last month that seeks to bar U.S. companies from using telecommunications equipment made by foreign firms, with the concern that the gear […]

The post House’s defense bill looks to protect Pentagon’s tech supply chain appeared first on CyberScoop.

Continue reading House’s defense bill looks to protect Pentagon’s tech supply chain→