Shaun Waterman – Page 14 – WindowsTechs.com

Homeland security adviser explains what Trump meant by ‘impenetrable cyber security unit’

Posted on July 14, 2017 by Shaun Waterman

The “impenetrable cybersecurity unit” that President Donald Trump talked about forming with Russia won’t happen, but U.S. officials will open a dialogue with their Kremlin counterparts about “rules of the road” in cyberspace, White House homeland security adviser Tom Bossert said Friday. It’s the first time a senior Trump administration cybersecurity official has addressed the issue since the president’s notorious tweet earlier this month. Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded.. — Donald J. Trump (@realDonaldTrump) July 9, 2017 The tweet, saying Trump and Russian President Vladimir Putin had “discussed forming an impenetrable Cybersecurity unit so that election hacking, & many other negative things, will be guarded,” set off a firestorm of derision and criticism from experts. Trump eventually seemed to retreat from the idea, but Bossert’s comments Friday made clear there will be an effort to open a […]

The post Homeland security adviser explains what Trump meant by ‘impenetrable cyber security unit’ appeared first on Cyberscoop.

Continue reading Homeland security adviser explains what Trump meant by ‘impenetrable cyber security unit’→

House funding bill for DHS follows Trump plan to cut research and science offices

Posted on July 13, 2017 by Shaun Waterman

The Homeland Security spending bill advancing in the House of Representatives follows the Trump administration’s budget request in proposing severe cuts on the department’s Science and Technology Directorate — slashing the research programs and technology development facilities that it runs, including its national laboratories. Although the bill, which covers appropriations for DHS for fiscal 2018, has a long way to go before it becomes law, the administration is already moving ahead with the cuts, preparing to shutter three of its five national labs. The cuts have drawn protests from former Homeland Security Secretary Tom Ridge and Democrats in the House and Senate. The National Biodefense Analysis and Countermeasures Center (NBACC) at Fort Detrick in Frederick, Maryland, and the Chemical Security Analysis Center (CSAC) at the Aberdeen Proving Ground in Aberdeen, Maryland, are both on the chopping block. The National Urban Security Technology Laboratory, which has an office in New York City and Oakbrook Terrace, Illinois, is also […]

The post House funding bill for DHS follows Trump plan to cut research and science offices appeared first on Cyberscoop.

Continue reading House funding bill for DHS follows Trump plan to cut research and science offices→

House funding bill for DHS follows Trump plan to cut research and science offices

Posted on July 13, 2017 by Shaun Waterman

The post House funding bill for DHS follows Trump plan to cut research and science offices appeared first on Cyberscoop.

Continue reading House funding bill for DHS follows Trump plan to cut research and science offices→

Microsoft patches domain-controller vulnerability impacting all Windows versions

Posted on July 11, 2017 by Shaun Waterman

Microsoft issued a patch Tuesday for a serious privilege escalation vulnerability affecting all versions of Windows for enterprises released since 2007. By exploiting it, an attacker who has compromised a single machine on a network can create a new administrator account for themselves and get control of the entire domain. The vulnerability, assigned the serial number CVE-2017-8563, scores 7.5 on the Common Vulnerability Scoring System, meaning it is rated as “high” severity, the second highest after “critical.” “The vulnerability is in the domain controller,” said Roman Blachman, CTO and co-founder of Preempt Security, whose researchers found the flaw in April and reported it to Microsoft. In a video, Preempt researchers show how they can leverage it to exploit known weaknesses in some of the communications protocols included in Windows NT LAN Manager, or NTLM, and launch an attack technique known as credential relay. The vulnerability, Preempt CEO Ajit Sancheti added, “can be exploited if the attacker has compromised […]

The post Microsoft patches domain-controller vulnerability impacting all Windows versions appeared first on Cyberscoop.

Continue reading Microsoft patches domain-controller vulnerability impacting all Windows versions→

White House cyber czar says norms push will move to small group of allies

Posted on July 11, 2017 by Shaun Waterman

The Trump administration will continue its predecessor’s push for the adoption of global cyber norms, but is putting efforts to do so through the United Nations on the back burner, preferring instead to work with small groups of allied countries, White House cybersecurity czar Rob Joyce said Tuesday. This new “coalition of the willing” strategy seems at odds with the plans apparently developed last week for a joint cybersecurity framework with Russia to combat outside interference and hacking of elections. “We’re going to be working with like-minded countries to start to enforce the norms that we’ve talked about” — like the one outlawing attacks on critical infrastructure in peacetime — Joyce told a standing-room only crowd at the Department of Homeland Security Science and Technology Directorate’s cybersecurity R&D showcase. “We’ve got to raise the cost on the attackers … [We’ve got] to start pushing at those norms we know need to be enforced and following up so […]

The post White House cyber czar says norms push will move to small group of allies appeared first on Cyberscoop.

Continue reading White House cyber czar says norms push will move to small group of allies→

Isolating browsers from the web’s ‘cesspool’: Why Symantec bought FireGlass

Posted on July 11, 2017 by Shaun Waterman

Last year a report by the ubiquitous technology analysis company Gartner concluded that browser isolation — a concept employed by fewer than 1 percent of enterprises — would mushroom to a 20 percent adoption rate by 2021 because of the way the internet has become a “cesspool” of malicious content. Security giant Symantec is betting that Gartner report becomes a reality, having announced the acquisition of Israeli start-up FireGlass for an undisclosed sum last week. “When you install this technology [in an enterprise network], you end up with a 70 percent reduction in the number of events reported to the security operations center,” Symantec CEO Greg Clark told CyberScoop, calling it “a huge step forward that no one can ignore.” Browser isolation works by executing code from a website, email or plugin in a so-called DMZ, a sealed, disposable container on a server remote from the endpoint — computer, smartphone, tablet — that the […]

The post Isolating browsers from the web’s ‘cesspool’: Why Symantec bought FireGlass appeared first on Cyberscoop.

Continue reading Isolating browsers from the web’s ‘cesspool’: Why Symantec bought FireGlass→

How an Interpol speech shows that China may be evolving on cybercrime

Posted on July 7, 2017 by Shaun Waterman

The president of the global police organization Interpol delivered a speech this week calling for international cooperation and multi-stakeholder partnerships to fight cybercrime. Nothing surprising came from the comments, other than the wrinkle that Interpol President Meng Hongwei also serves as the deputy head of Beijing’s internal security agency, the Ministry of Public Safety. China’s Ministry of Public Safety is widely believed to play roles in Chinese hacking operations, including the breach of the U.S. Office of Personnel Management. Now, Meng’s speech is being hailed by some former U.S. officials as a step toward drawing China into universally agreed upon behaviors in cyberspace. And Beijing’s policies are being favorably compared to Russia, where the Kremlin is seen as doubling down on its commitment to weaponizing the attacker’s asymmetric advantage in cyberspace. “I took great heart when I read [Meng’s] speech, because it looks like the campaign … to enforce the rule of law in […]

The post How an Interpol speech shows that China may be evolving on cybercrime appeared first on Cyberscoop.

Continue reading How an Interpol speech shows that China may be evolving on cybercrime→

Pentagon now testing behavioral ID pilot that would replace CAC card

Posted on July 6, 2017 by Shaun Waterman

The Pentagon has finally inked a deal to pilot behavioral biometric technology to identify those using its computer network, more than a year after then-CIO Terry Halvorsen first pledged to get rid of the ubiquitous Common Access Card. Vancouver, Canada-based Plurilock announced the deal last week. The company’s BioTrack technology develops a unique profile of users based on the way they interact with computer keyboards, mice and touchscreens. “After just 20 minutes’ tracking a user’s keystroke style and speed, mouse use, and other behaviors, Plurilock’s software builds a biometric profile unique to that user,” states the company in the release. Behavioral biometrics are thought to provide additional security because they cannot be easily spoofed and they work continuously during the user session, rather than simply identifying the user at the start. “Today’s systems cannot verify user identity with certainty. Hackers steal passwords and tokens, create fake fingerprint impressions, and even re-route phone authentication […]

The post Pentagon now testing behavioral ID pilot that would replace CAC card appeared first on Cyberscoop.

Continue reading Pentagon now testing behavioral ID pilot that would replace CAC card→

U.S. official is first to helm new NATO IT and cyber agency

Posted on July 5, 2017 by Shaun Waterman

Intelligence community management veteran and former Defense Department Deputy Comptroller Kevin Scheid has taken up his new post as general manager of the NATO Communications and Information Agency, NCIA, where he will oversee a multibillion-dollar IT and cybersecurity modernization program for the 29-nation military alliance. NCIA, which operates and defends NATO IT and telecommunications networks, announced the news at the weekend. “I plan to take the first 90 days, like most new heads of large organizations, and do some deep-dives in some key areas, to make sure I understand the status and state of the agency,” Scheid told the NCIA in-house journal. “First, I’ll hold deep dives in the areas of finance … personnel management and the contract issues and how that is progressing, in acquisition, as well as the management of the organization. Do we have the right management structure for the Agency?” Beginning in the fall, Scheid will lead NCIA in a two-year, $3.4 billion IT modernization […]

The post U.S. official is first to helm new NATO IT and cyber agency appeared first on Cyberscoop.

Continue reading U.S. official is first to helm new NATO IT and cyber agency→

Hottest trend for phishing scammers: Buying web domains instead of hacking them

Posted on July 3, 2017 by Shaun Waterman

Hackers are increasingly abusing the highly decentralized web domain-name registration system to buy internet addresses they can use in phishing attacks, a new report says. The scams use legitimately acquired addresses to set up webpages that mimic bank or other e-commerce sites with the intention of tricking consumers into giving over login details and passwords. Such abuse of the domain-name registration system is not new, but it more than trebled last year, according to the Anti-Phishing Working Group’s 2016 Global Phishing Survey, released last week. The report documents in detail more than a quarter-million individual phishing sites that mimicked the web presence of nearly 700 genuine banks or other financial, e-commerce or social media companies and attracted potential victims through links in spam email or other messages. Those 255,056 phishing sites were hosted on nearly 200,000 domains (some domains had multiple sites on them), almost half of which, or 95,424, were registered by hackers through the legitimate domain registration system, overseen by […]

The post Hottest trend for phishing scammers: Buying web domains instead of hacking them appeared first on Cyberscoop.

Continue reading Hottest trend for phishing scammers: Buying web domains instead of hacking them→