Sen. Warner wants action on WannaCry patching from DHS, OMB

Democratic Sen. Mark Warner has written to federal officials asking for details about how agencies patched their systems to protect them against the fast-spreading WannaCry ransomware. White House homeland security adviser Thomas Bossert told reporters during the daily briefing Monday that no federal systems had been infected, but Warner noted in his letter that despite a National Institute of Standards and Technology recommendation that security-related software updates “be installed within a defined timeframe (in many cases seven to 30 days for critical patches),” the Government Accountability Office last year found “numerous instances where agencies failed to comply with those deadlines.” Microsoft included a fix for the vulnerability in a regularly scheduled patch in mid-March. Over the weekend, the company took the unprecedented step of releasing a patch for several discontinued but still widely used software products, including Windows XP. In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of […]

The post Sen. Warner wants action on WannaCry patching from DHS, OMB appeared first on Cyberscoop.

Microsoft slams NSA over WannaCry ransomware

A top Microsoft executive criticized the U.S. and other governments that hoard software exploits in the wake of the massive global infection by WannaCry ransomware, as the company struggled to deal with the fallout from the hundreds of thousands of unpatched computers affected, for the first time offering free patches for older software products it long ago stopped supporting. In a blog post Sunday, the Redmond, Wash.-based software giant’s president and chief legal officer, Brad Smith, said WannaCry — which has spread across the internet using a Windows exploit the National Security Agency had kept secret — should be “a wake-up call” for governments all over the world. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” he wrote, comparing the theft of the NSA tools — publicly published last month by an anonymous group calling itself […]

Trump signs long-awaited cybersecurity executive order

President Trump signed an executive order on cybersecurity Thursday, saying his administration will begin to manage cyber-risk across the U.S. government as a whole, hold agency heads personally responsible for the protection of their networks and place modernization of federal IT at the heart of efforts to bolster computer security. “We spend a lot of time and inordinate money protecting antiquated and outdated systems,” said Thomas Bossert, the president’s homeland security adviser, who made a surprise appearance at the podium during the daily White House press briefing to announce the signing. The EO, which had originally been scheduled to be signed in January — only to be pulled the day of the planned signature — has been circulating in increasingly detailed draft form since then, but the signing Thursday came out of the blue on a day the White House continued to struggle with the fallout from the president’s shock decision to fire FBI Director James […]

DHS dominates government infosec awards

Workforce issues were prominent as the Department of Homeland Security dominated the winners’ list Wednesday night at the 14th annual U.S. Government Information Security Leadership Awards ceremony. The awards, presented by the International Information System Security Certification Consortium, or (ISC)², went to a slew of up-and-comers and veterans alike from the cybersecurity field in three U.S. agencies — but DHS dominated, with its staff or former staff winning four of six government slots. Dan Waddell, head of U.S. Government Affairs for (ISC)², said it was time to stop thinking about cybersecurity as an IT issue or as the responsibility of specific professionals. “Cybersecurity is everyone’s job,” he said. The awards come as federal agencies continue to entertain ideas about how to recruit and retain cybersecurity talent. The sole nongovernmental award — “Most Valuable Industry Partner” — went to Parham Eftekhari and James Scott for their work in founding what is billed as the first-ever cybersecurity think tank, the Institute for […]

Mobile-encryption markets booming, despite cops’ concerns

The growth of ubiquitous global mobile encryption may be a bane for U.S. law enforcement — but it is a boom market that will almost quadruple in size over the next five years, according to a new projection. Currently worth $761.4 million, the mobile encryption market worldwide is set to grow at a compound annual growth rate of just over 30 percent to reach $2.92 billion by 2022, according to figures from MarketsandMarkets, a research outfit in Pune, India, which provides quantified B2B research. MarketsandMarkets found that the key forces driving growing demand for mobile encryption include “the proliferation of smartphones and tablets across enterprises, the [need to meet] stringent compliance and regulatory requirements, and increased concerns for data security and privacy issues.” Growing adoption of cloud-based mobile encryption solutions will also contribute to growth. The research divides the market into four applications — full-disk encryption, file/folder encryption, communications encryption, and cloud encryption. Full-disk encryption — […]

U.S. sends diplomats into info battles unarmed, experts say

In the fight against Russian misinformation campaigns, U.S. diplomats are hamstrung by outdated laws and rules, and they are technologically ill-equipped for battle, a State Department advisory panel was told Tuesday. “We’re sending our [information] soldiers into battle without weapons, essentially … It’s simply unacceptable,” former senior State Department official Tom Cochran told the U.S. Advisory Commission on Public Diplomacy, which published a report on the future of U.S. efforts abroad to combat technology- and hacking-enabled information operations like the one against the 2016 presidential election. Copies of “Can Public Diplomacy Survive the Internet? – Bots, Echo Chambers and Disinformation,” were distributed at the meeting and digitally afterwards, but the report was still unavailable on the State Department website as of early Tuesday evening. “There’s a lot that we should be able to do [with technology] … in a very white hat kind of way that we can’t … because we’re governed by a […]

Microsoft hurries to patch ‘worst’ Windows vulnerability

Microsoft has rushed out a patch, delivered automatically through the engine’s normal update channel, for a critical vulnerability in its own Windows anti-malware engine that allows an attacker to take over a computer just by sending an email. “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” reads the advisory about the patch Microsoft issued Monday. That means an attacker can exploit the flaw simply by sending an email with a specially crafted attachment: real-time protection scans the attachment as soon as it arrives, the malformed file triggers the bug during that scan, and the attacker gains control with the engine’s privileges, with no action by the user required. Remote code execution bugs are considered the most severe kind of security vulnerability, and flaws in security software are often especially bad because of its trusted status on the machine: the engine runs as SYSTEM and inspects untrusted content by design. The Microsoft security advisory said there was no evidence the vulnerability — designated CVE-2017-0290 — “had been publicly used to attack customers” at the time of publication. The company added […]
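
Because the fix ships as an engine update rather than a Windows patch, the practical check is whether each host’s engine build is at or above the first fixed build. The script below is an added example, not code from the article or from Microsoft: it takes a fleet inventory of hostname and engine version (the sample lines are constructed), compares versions numerically, and fails closed on anything it cannot parse. The fixed-version constant, 1.1.13704.0, is the build Microsoft’s advisory named as the first with the fix; confirm it against the advisory before relying on it.

```python
"""Flag Windows hosts whose Microsoft Malware Protection Engine is older than
the first fixed build.

Added example (not from the Cyberscoop article or from Microsoft). The
inventory lines are constructed. FIXED_ENGINE_VERSION is the build named in
Microsoft's advisory as the first to contain the fix; verify it there.
"""
from typing import List, Tuple

# First engine build with the fix, per Microsoft's advisory (verify there).
FIXED_ENGINE_VERSION = "1.1.13704.0"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.1.13704.0' into (1, 1, 13704, 0) so it compares numerically.

    Comparing the raw strings is wrong: '1.1.9999.0' > '1.1.13704.0' as text
    because '9' sorts after '1', but build 9999 is older than build 13704.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected engine version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_engine_fixed(version: str, fixed: str = FIXED_ENGINE_VERSION) -> bool:
    """True when `version` is at or above the first fixed build."""
    return parse_version(version) >= parse_version(fixed)


def hosts_needing_update(inventory: str, fixed: str = FIXED_ENGINE_VERSION) -> List[str]:
    """Return hostnames whose engine is older than `fixed`.

    Each inventory line is 'hostname<TAB>engine_version', as a fleet-wide
    query of the antimalware service's engine version would produce.
    Malformed or unparseable lines are reported as needing attention rather
    than skipped: an unknown version is not evidence of safety.
    """
    needs_update = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 2:
            needs_update.append(line)
            continue
        host, version = fields
        try:
            fixed_ok = is_engine_fixed(version, fixed)
        except ValueError:
            fixed_ok = False
        if not fixed_ok:
            needs_update.append(host)
    return needs_update


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
# host\tengine_version
ws-finance-01\t1.1.13704.0
ws-finance-02\t1.1.13601.0
ws-hr-07\t1.1.9999.0
srv-mail-01\t1.1.13801.0
ws-legal-03\tunknown
"""

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: engine below {FIXED_ENGINE_VERSION}, update required")
```

On the sample data the script reports ws-finance-02 and ws-hr-07 (older builds) and ws-legal-03 (unparseable), and clears ws-finance-01 (exactly the fixed build) and srv-mail-01. The numeric comparison matters: a string comparison would wrongly clear ws-hr-07.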

(ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay

Federal agencies pay an average of $7,000 a year less to cybersecurity personnel than their private sector counterparts, so they need to offer training and other benefits while recruiting more from overlooked groups like women and minorities, according to one of the largest regular surveys of information security workers. The eighth biennial Global Information Security Workforce Study, done by the Center for Cyber Safety and Education and sponsored by contracting giant Booz Allen Hamilton, cyber recruiters Alta Associates and the International Information Systems Security Certification Consortium or (ISC)², was unveiled Tuesday at (ISC)²’s conference CyberSecureGov in Washington, D.C. The U.S. government “must enhance its benefits … to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand,” said Dan Waddell, (ISC)² managing director, North America. “Unfortunately,” he added, “the layers of complexity involved in fulfilling that goal are significant.” “Thanks to the record number of federal GISWS […]

Intel chip vulnerability gets quick patch in some products, longer timeline in others

Manufacturers of the millions of business PCs, laptops and servers using Intel chipsets with a newly disclosed critical security vulnerability say they are working as fast as they can to distribute the fix to customers. But only two companies have so far issued a timetable for rolling out patches, and the schedule already stretches deep into June, meaning many users will have to wait more than a month for a fix. In a statement sent Friday to CyberScoop, Intel said, “We have implemented and validated a firmware update to address the problem and we are collaborating with computer-makers to facilitate a rapid and smooth integration with their software.” The vulnerability, which the company disclosed May 1, allows an unauthenticated attacker to bypass the password check on Intel’s remote-administration firmware, known as Active Management Technology. AMT is firmware that runs on the Management Engine, a separate microcontroller inside the chipset, beneath the operating system, so security software running on the host can neither see nor block it; an attacker who reaches AMT’s management interface gets the same remote control over the machine that a legitimate administrator would have. Unless manufacturers ship products with […]
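
Until firmware updates arrive, the first thing to know is which machines expose AMT’s management interface at all. The script below is an added example, not code from the article or from Intel: it identifies AMT by the Server header its web interface advertises on TCP 16992 (16993 for TLS) and reports the firmware version it claims, so the result can be checked against Intel’s advisory. The captured responses are constructed; the live probe function is included for real use but is not exercised by the offline sample.

```python
"""Inventory hosts that expose Intel AMT's web management interface.

Added example (not from the Cyberscoop article or from Intel). AMT's HTTP
listener is on TCP 16992 (16993 for TLS); classification keys on the
'Server: Intel(R) Active Management Technology <version>' header the web
interface returns. Which firmware versions the authentication-bypass flaw
affects is stated in Intel's advisory; this script only finds exposure.
The SAMPLE_RESPONSES below are constructed.
"""
import re
import socket
from typing import Dict, Optional

AMT_PORTS = (16992, 16993)

_SERVER_RE = re.compile(
    r"^Server:\s*Intel\(R\) Active Management Technology\s*([0-9][0-9.]*)",
    re.IGNORECASE | re.MULTILINE,
)


def amt_version_from_response(raw: bytes) -> Optional[str]:
    """Return the AMT firmware version advertised in an HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", errors="replace")
    match = _SERVER_RE.search(head)
    return match.group(1) if match else None


def probe_amt(host: str, port: int = 16992, timeout: float = 2.0) -> Optional[str]:
    """Connect to host:port, send a minimal GET and classify the reply.

    Live network function for real scans; returns None on connection
    failure or when the listener is not AMT. Not used by the offline sample.
    """
    request = (
        f"GET /index.htm HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    ).encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            data = b""
            while len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    return amt_version_from_response(data)


def classify_responses(responses: Dict[str, bytes]) -> Dict[str, str]:
    """Map host -> advertised AMT version for every response that is AMT."""
    found = {}
    for host, raw in responses.items():
        version = amt_version_from_response(raw)
        if version is not None:
            found[host] = version
    return found


# Constructed sample captures from port 16992 (hosts, versions and bodies are
# made up; only the Server header format follows what AMT sends).
SAMPLE_RESPONSES = {
    "10.0.5.21": (b"HTTP/1.1 303 See Other\r\n"
                  b"Server: Intel(R) Active Management Technology 9.1.30\r\n"
                  b"Location: /logon.htm\r\n\r\n"),
    "10.0.5.22": (b"HTTP/1.1 200 OK\r\n"
                  b"Server: Apache/2.4.25\r\n\r\n<html></html>"),
    "10.0.5.23": (b"HTTP/1.1 401 Unauthorized\r\n"
                  b"Server: Intel(R) Active Management Technology 11.6.27\r\n"
                  b"WWW-Authenticate: Digest realm=\"Digest:ABCDEF0123456789\"\r\n\r\n"),
}

if __name__ == "__main__":
    for host, version in classify_responses(SAMPLE_RESPONSES).items():
        print(f"{host}: AMT {version} reachable; compare with Intel's advisory")
```

On the sample captures, 10.0.5.21 and 10.0.5.23 are reported as AMT (versions 9.1.30 and 11.6.27) and the Apache host is ignored. A host that answers on 16992 is reachable by anyone on the network regardless of what the operating system’s firewall allows, which is why this inventory is worth running even on machines that are otherwise well patched.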