Top Women in Cybersecurity: Suzanne Vautrinot

Suzanne Vautrinot, President, Kilovolt Consulting; Wells Fargo board member; Major General and Commander, United States Air Force (retired)

Suzanne Vautrinot retired from the U.S. Air Force in Oct. 2013 as a major general and commander of the 24th Air Force, where she’d been in charge of the USAF’s cyber war-fighting capability. During the three decades since her graduation from the Air Force Academy, Vautrinot served as special assistant to the vice chief of staff of the USAF and held senior cyber jobs, including director of plans and policy at U.S. Cyber Command. After retirement, she dived headfirst into the private sector and joined the boards of directors of several companies, leveraging her leadership skills and cyber expertise for the Wells Fargo bank, computer security firm Symantec, engineering and project management giant Parsons, water and energy services provider Ecolab and cutting-edge technology research outfit Battelle. Each of the five companies “represents a completely different […]

The post Top Women in Cybersecurity: Suzanne Vautrinot appeared first on Cyberscoop.


Trump will call for private sector war on botnets, aide says

One of President Donald Trump’s early cybersecurity actions will be a public call for internet companies to collaborate to stop the scourge of botnets — massive networks of compromised computer hardware weaponized by hackers. “I believe we can radically reduce the number of botnets in this country,” White House homeland security adviser Thomas Bossert said Wednesday. “I believe that’s a voluntary effort … The president will call for that publicly,” he said at a Center for Strategic and International Studies event Wednesday. Bossert said collaboration among internet service providers or ISPs, social media companies and web search engines could identify internet traffic from botnets and “shunt it aside.” Botnets of compromised devices are controlled by hackers known as bot herders, and virtually anything that connects to the internet can be vulnerable. The networks can be used to send vast quantities of fraud-laden spam email, and they also can generate huge attacks targeting a website with constant […]



Bossert promises funding, centralization for federal cybersecurity

President Donald Trump’s budget outline, slated for release Thursday, will propose significant increases in funding for federal cybersecurity, White House homeland security adviser Thomas Bossert said Wednesday. “President Trump intends to put his money where his mouth is,” Bossert said in his first major policy speech. “Cybersecurity will be funded through DHS and the Department of Defense,” he told the Center for Strategic and International Studies in a keynote address at its Cyber Disrupt 2017 event. Privately, he told a small group prior to his remarks that there would be a “significant plus up” for cyber programs in both DHS and the Pentagon, one of the organizers told CyberScoop. Bossert also promised that the Obama administration’s push to modernize and centralize federal computer networks will continue under Trump. “Federal networks at this point can no longer sustain themselves. We cannot tolerate indefensible technology, outdated antiquated hardware and software,” Bossert said. “Modernization […]



DOD scientists say microchips in weapons can be hacked

Most of the U.S. military’s weapons systems were built without any effort to protect them from cyberattacks on hardware components, and there is evidence that some already have been fitted with digital backdoors, meaning an enemy could make them fail in a real conflict, Pentagon science advisers said. In its latest report, the Defense Science Board published the results of research by its Task Force on Cyber Supply Chain, concluding that despite the risk, the capital cost of building and maintaining a DoD-owned “foundry” to make its own microchips “is not a feasible expense.” The task force warns in stark terms that current weapons systems may already have been back-doored, meaning they would be useless — or worse — in a shooting war. “Of particular concern are the weapons the nation depends upon today,” reads the report, adding “almost all were developed, acquired, and fielded without formal protection plans,” to guard against the […]



White House releases 2016 agency cyberattack stats, claiming progress

The White House Office of Management and Budget released fiscal 2016 statistics on cybersecurity measures and incidents at U.S. agencies Friday, using new methodologies that make comparison with prior years essentially impossible, but nonetheless saying the government had made progress. For the first time, agencies were required to report only incidents that affected their operations, and to break those incidents down based on the attack vector used. “This is a shift from the previous reporting methodology,” wrote Grant Schneider, the acting federal chief information security officer, in a blog post unveiling the findings. He added that the shift meant “that the FY 2016 incident data is not comparable to prior years’ incident data.” But he stressed that the new reporting requirement allows OMB, the Department of Homeland Security and other agencies “to focus on incidents that may impact operations.” Of the 30,899 incidents that agencies reported, only 16 were determined by agency heads to be “major […]



Home Depot settles suit on card-data breach for $20 million, security pledges

Home Depot, the DIY retail giant that was robbed of the payment card details of 40 million customers in 2014, has settled a class action consumer lawsuit, agreeing to pay $13 million in cash compensation, spend $6.5 million on ID theft protection and adopt a series of measures to tighten its security. According to settlement papers filed this week and approved by a federal judge Wednesday, customers who had their personal or financial information compromised and registered last year to be part of the class can get reimbursed for losses from the massive data breach of up to $10,000 each. The restitution covers: any still-unreimbursed fraudulent charges on cards with stolen data; the costs and expense of identity theft or fraud; any losses caused by restricted access to funds, like the costs of taking out a loan or ATM withdrawal fees; and preventative costs against ID fraud, like buying credit monitoring. Home Depot also agreed […]



Study: Hoarded zero days last seven years and are rarely discovered

Newly discovered software vulnerabilities known as zero days, if kept secret by the people who find them, tend to stay that way for years and years, because there is only about a 1 in 20 chance annually that a hoarded zero day will be independently found by someone else, according to research published Thursday. A RAND Corp. study and statistical analysis of a rare collection of more than 200 zero days — so-called because the manufacturer has “zero days” to fix the security hole — upends much of the conventional wisdom about vulnerability disclosure and the hoarding of knowledge about software flaws. The study — the first-ever published research to examine a dataset including zero day vulnerabilities still undisclosed to the public — comes at a time when the U.S. government’s process for deciding whether or not to disclose such vulnerabilities is facing calls for reform because of WikiLeaks’ dump of an apparent trove of CIA hacking tools […]



Fileless DNS malware used in SEC-filing cyberattacks

DNSMessenger, the new super-stealthy malware that uses the internet’s address system as a command and control channel, is being employed in a financial fraud spear-phishing campaign targeting executives in large public companies involved with filings to the Securities and Exchange Commission. Threat researchers at FireEye reported the SEC campaign this week, clearing up the mystery which had surrounded DNSMessenger since it was identified at the weekend by Cisco Talos: Who was it aimed at? “We view this [attack] as one component of a very sophisticated, financially motivated cybercrime campaign” by an actor FireEye has dubbed Fin7, the company’s Threat Intelligence Manager John Miller told CyberScoop in an interview. Spear phishing uses carefully crafted fake emails carrying malicious attachments or links — click and the malware is activated. In the case of the new Fin7 campaign, the emails appeared to come from the SEC’s online filing system EDGAR, and the attachment was a […]



WikiLeaks dump reignites debate over feds hoarding zero days

The document dump by anti-secrecy group WikiLeaks that identifies alleged CIA hacking tools has reopened a vigorous debate about whether the U.S. government should secretly stockpile cyber-weapons. Critics say the publication of source code for the CIA cyber-weapons would be a cybersecurity disaster akin to the release of anthrax from a government laboratory — and are calling for a new policy. Defenders of U.S. policy say there is already a process in place to weigh the risks any time the government decides to keep a newly discovered software vulnerability to itself and weaponize it, rather than sharing it with the vendor so it can be fixed. And a former White House official tells CyberScoop that U.S. agencies should be reaching out to the manufacturers of the products CIA hackers owned to help them fix the holes they have been using. “Time is of the essence,” former White House Cybersecurity Coordinator J. Michael Daniel told CyberScoop. In a blog […]



Blockchain biz gets new D.C. voice

Blockchain, the revolutionary cryptographic technology that underlies bitcoin and other digital currencies, has a new advocate in Washington, D.C. The Global Blockchain Business Council, launched last month at Davos, announced Wednesday that it is opening a D.C. office and appointing a board of directors. The council brings together the world’s leading blockchain businesses and business executives to “work on educating businesses to help them understand the potential of blockchain and to advocate on behalf of the technology with regulators all across the globe,” said Jamie Smith of the Bitfury Group, one of the companies that helped found the council. Smith said the council would be announcing the location of the Washington office “very soon.” She said the council hoped to “create key moments throughout the year,” through a series of events where that education could happen. Blockchain, also called distributed ledger technology, uses a network of participating computers and distributed cryptographic software to create an […]

