Shaun Waterman – Page 22 – WindowsTechs.com

Millions hit with banking malware using new Microsoft Word zero day

Posted on April 11, 2017 by Shaun Waterman

Millions of email users were affected this week by a hacking campaign exploiting a newly discovered vulnerability in Microsoft’s Office suite of software applications — just days after it was controversially made public Friday by cybersecurity outfit McAfee. The news comes as FireEye, another security company that independently discovered the vulnerability last month, revealed it has also been used to help install the “lawful intercept” software known as FinFisher or FinSpy on computers used by Russian-speakers and in a campaign using LatentBot, an information-stealing and remote-access malware package associated with financially motivated cybercriminals. But on Monday evening East Coast time, the vulnerability was exploited in a massive campaign of spam email directed at millions of computer users in Australia. The email was designed to look as if it had come from a printer or scanner on the recipient’s own network. It bore a malicious attachment, known as a lure, designed to infect targeted […]

The post Millions hit with banking malware using new Microsoft Word zero day appeared first on Cyberscoop.

Continue reading Millions hit with banking malware using new Microsoft Word zero day→

Microsoft will patch Office zero day revealed by McAfee, FireEye

Posted on April 11, 2017 by Shaun Waterman

Microsoft says it is patching the zero day vulnerability in its ubiquitous Office suite of software applications revealed last week by McAfee. “We plan to address this through an update on Tuesday, April 11, and customers who have updates enabled will be protected automatically,” Microsoft said in a company statement emailed to CyberScoop. “Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files … to avoid this type of issue.” The vulnerability would allow a hacker to remotely take over a targeted computer — even one fully patched and up to date — as soon as the user opens an attachment. It exploits a flaw in Windows’ Object Linking and Embedding (OLE), an important feature of Office, which lets users embed or link to other Office documents, like spreadsheets or charts. But Microsoft initially learned of the vulnerability several weeks ago, from security firm FireEye, who had privately […]

The post Microsoft will patch Office zero day revealed by McAfee, FireEye appeared first on Cyberscoop.

Continue reading Microsoft will patch Office zero day revealed by McAfee, FireEye→

Malware that bricks insecure IoT devices might be anti-botnet vigilante tool

Posted on April 10, 2017 by Shaun Waterman

A new variety of malicious software is capable of attacking and effectively destroying insecure connected Internet of Things devices, using the same security flaws exploited by the notorious Mirai botnet, a researcher says. It’s not clear how many devices might have been damaged by the BrickerBot malware, Pascal Geenens, the researcher who discovered it, told CyberScoop. But the malware, which attacks the devices by trying to corrupt their firmware and flash memory, is at the very least a powerful proof-of-concept likely to inspire copycats. Geenens, a cybersecurity evangelist for Radware, last month found two varieties of BrickerBot attacking his honeypot — a network of computers left on the internet as bait for hackers — but since the honeypot doesn’t contain any actual IoT devices, he couldn’t be sure exactly what the impact of the attack might be in real life. Geenens speculated the author might be some kind of digital vigilante — aiming to alert the world to the ease […]

The post Malware that bricks insecure IoT devices might be anti-botnet vigilante tool appeared first on Cyberscoop.

Continue reading Malware that bricks insecure IoT devices might be anti-botnet vigilante tool→

DHS’s diagnostics open door to collaboration among agencies, says Commerce official

Posted on April 6, 2017 by Shaun Waterman

A funny thing happened when the CIO Council at the Department of Commerce sat down to figure out how to deploy the new tools coming from the Department of Homeland Security’s Continuous Diagnostics and Monitoring, or CDM, program. Rod Turk, the department’s CISO and acting CIO, said people on the council —which brings together the CIOs from all the various agencies and bureaus that make up Commerce — started asking questions. “Questions like, ‘Why do we have multiple Security Operation Centers and Network Operation Centers?’ … We have three SOC’s just in [the Commerce headquarters building] … What can we do more efficiently?” recalled Turk, who said he’s sat on the council for about eight years. Turk spoke at a breakout session on CDM on Thursday at the 2017 McAfee Security Through Innovation Summit hosted by FedScoop and CyberScoop. Under the governmentwide CDM program, DHS pays for cybersecurity tools and services that monitor the IT networks […]

The post DHS’s diagnostics open door to collaboration among agencies, says Commerce official appeared first on Cyberscoop.

Continue reading DHS’s diagnostics open door to collaboration among agencies, says Commerce official→

DHS’s diagnostics open door to collaboration among agencies, says Commerce official

Posted on April 6, 2017 by Shaun Waterman

The post DHS’s diagnostics open door to collaboration among agencies, says Commerce official appeared first on Cyberscoop.

Continue reading DHS’s diagnostics open door to collaboration among agencies, says Commerce official→

Federal officials say their cybersecurity paradigm is changing

Posted on April 6, 2017 by Shaun Waterman

Technologies like cloud computing are changing the way federal agencies think about cybersecurity, with more emphasis on network resilience over perimeter security and an overriding need for automation, officials said Thursday. Cybersecurity today “comes down to automating your response. If you cannot automate your response [to an attack], you are hosed, you simply are hosed,” Paul Pitelli, head of information assurance at the NSA, told a panel at the 2017 McAfee Security Through Innovation Summit, produced by CyberScoop. Automation was a continuing theme at the event, discussed as a way to address cybersecurity workforce shortages and also improve the consistency and reliability of network defenses. Speakers drew a distinction between tasks that could be made “automatic” — where no input was required — and those that might be mundane but require some input or judgment, which could be automated with sufficiently sophisticated software. “Have your humans work on human tasks and your computers […]

The post Federal officials say their cybersecurity paradigm is changing appeared first on Cyberscoop.

Continue reading Federal officials say their cybersecurity paradigm is changing→

Online Trust Alliance merges with Internet Society

Posted on April 5, 2017 by Shaun Waterman

The Online Trust Alliance, which has for a dozen years brought together business leaders from cybersecurity and technology companies to develop technical standards and public audits designed to maximize consumer security and trust online, is merging with the much larger and older Internet Society, the organizations announced Wednesday. “We are always looking to see what we can do to amplify our efforts,” OTA President and Executive Director Craig Spiezle told CyberScoop, saying that merger discussions had begun after a chance meeting with Internet Society Chief Internet Technology Officer Olaf Kolkman in Austin last October. Neither organization was really looking for partnership at that time, he said, “One thing led to another.” The Internet Society was founded in 1992, by two men widely regarded as the fathers of the internet — Vint Cerf and Bob Kahn. It is one of the oldest parts of the so-called internet governance ecosystem — the hodgepodge […]

The post Online Trust Alliance merges with Internet Society appeared first on Cyberscoop.

Continue reading Online Trust Alliance merges with Internet Society→

Online Trust Alliance merges with Internet Society

Posted on April 5, 2017 by Shaun Waterman

The post Online Trust Alliance merges with Internet Society appeared first on Cyberscoop.

Continue reading Online Trust Alliance merges with Internet Society→

New insurance covers cyber risks for the wealthy

Posted on April 5, 2017 by Shaun Waterman

Some of the wealthiest Americans can now expand their home insurance packages to include expert advice and technology for reducing their exposure to cyberattacks, as well as a variety of complimentary or reimbursable services if they do get hacked. AIG said it this week would be offering a “Family CyberEdge” product to existing customers of their Private Client Group, as an add-on to the home insurance packages it already offers. The Private Client Group caters to families with a net worth of more than $1 million and includes 40 percent of the individuals on the Forbes 400 list of the richest Americans. Its products are advertised as being suitable for “the most beautiful homes” and include packages for wine and art collections, as well as special services for people who own properties in multiple countries. The Family CyberEdge package includes a wide range of “risk mitigation services,” including an audit of personal mobile devices, home networks, wireless access points and social media, […]

The post New insurance covers cyber risks for the wealthy appeared first on Cyberscoop.

Continue reading New insurance covers cyber risks for the wealthy→

New warning: Super-stealthy fileless malware on the rise

Posted on April 4, 2017 by Shaun Waterman

Super-stealthy, fileless malware is increasingly being used to defeat cybersecurity systems and allow hackers to gain control of heavily guarded computer networks — and most organizations aren’t equipped it to detect, let alone defeat it, according to a new government warning. “We assess most organizations are not currently equipped to defend against these tactics,” states the New Jersey Cybersecurity and Communications Integration Cell in a recent public bulletin. The warning cautions that fileless or “non-malware” attacks could be used by cyberspies or those bent on theft or data destruction — as distinct from those cases where it has previously been employed in financial cybercrime. The New Jersey cell states it has “high confidence that fileless and ‘non-malware’ intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks … to enable future acts of sabotage.” The […]

The post New warning: Super-stealthy fileless malware on the rise appeared first on Cyberscoop.

Continue reading New warning: Super-stealthy fileless malware on the rise→