Robinhood breach exposed information on 7 million people

Robinhood, a popular stock-trading app, said that it has been breached by someone who accessed information on 7 million people, then sought to extort the company. The breach on Nov. 3 provided access to 5 million email addresses and 2 million full names, with another approximately 310 having additional information like zip codes and dates of birth exposed. Around 10 more had “more extensive account details” exposed, the company announced on Monday. Robinhood has become a force in the financial market, with 18 million clients and $80 billion in assets, a summer filing stated. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” Robinhood’s statement reads. It’s the first notable cyber incident on the company to […]

The post Robinhood breach exposed information on 7 million people appeared first on CyberScoop.

Hackers with Chinese links breach defense, energy targets, including one in US

Suspected spies using similar tools and tactics to a Chinese government-connected hacking group compromised nine organizations in the defense, education, energy and health care industries across the globe beginning in September, according to new research. The hackers were “indiscriminate” in targeting that included parts of the U.S. Defense Department, according to Palo Alto Networks, which published its findings on Sunday with an assist from the National Security Agency’s Cybersecurity Collaboration Center. That center primarily works with defense contractors to collect and share threat information. At least one of the victims was a U.S. organization, Palo Alto Networks said, but didn’t name the nine compromised entities. The company “believes that the actor’s primary goal involved gaining persistent access to the network and the gathering and exfiltration of sensitive documents from the compromised organization.” The research comes on the heels of a Sept. 16 warning from the Department of Homeland Security’s Cybersecurity […]

The post Hackers with Chinese links breach defense, energy targets, including one in US appeared first on CyberScoop.

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]

The post Feds likely to fall short of deadline for strengthening encryption, multifactor authentication appeared first on CyberScoop.

White House preps order to clarify top cyber roles in federal government

The Biden administration is working on an executive order that spells out the responsibilities of myriad top cybersecurity officials in the federal government, National Cyber Director Chris Inglis said Wednesday. Specifically, the idea would be to solidify the position of his office, only established by law in January, Inglis told the House Homeland Security Committee. “The statute has gone a long way, and the policies that we have described, have gone a further distance in describing what the roles and responsibilities are of the various layers in this space,” Inglis told the panel. “We are in discussion within the White House about when and how to effect an executive order that would bring additional clarity to these roles and responsibilities.” It would be the second major cybersecurity executive order of the administration, following on May’s sweeping directive for federal agencies and contractors to improve their digital defenses. The […]

The post White House preps order to clarify top cyber roles in federal government appeared first on CyberScoop.

CISA tells agencies to fix hundreds of software flaws, prep for future vulnerabilities

The Cybersecurity and Infrastructure Security Agency is ordering federal agencies to patch nearly 300 known, exploited vulnerabilities in a directive published Wednesday. It’s a change from past practice for Binding Operational Directives from the Department of Homeland Security’s main cyber wing. The orders have focused more frequently on one major vulnerability at a time, or have directed agencies to set up broader policies addressing subjects like establishing vulnerability disclosure programs. As rationale, the agency pointed to issues in Microsoft Exchange technology that suspected Chinese hackers seized upon to target victims worldwide in early 2021. Under the order, agencies must patch vulnerabilities from a CISA-created catalog by dates that range from two weeks for flaws observed this year to six months for those prior. Further, agencies must build a process for fixing such vulnerabilities on an ongoing basis in the future. CISA said the directive is a response to its belief […]

The post CISA tells agencies to fix hundreds of software flaws, prep for future vulnerabilities appeared first on CyberScoop.

CISA starts identifying targets most necessary to protect from hacking

The Cybersecurity and Infrastructure Security Agency has begun working to map out the U.S. critical infrastructure that, if hacked, could result in serious consequences for national security and economic interests, CISA Director Jen Easterly said Friday. Labeling such infrastructure is the subject of a proposal of the Cyberspace Solarium Commission, a congressional committee, which recommended identifying “systemically important critical infrastructure,” or SICI. Lawmakers have introduced SICI legislation in recent months, but Easterly said her Department of Homeland Security agency is proceeding ahead with or without a bill. “Notwithstanding whether this ends up in legislation or not, and I certainly hope it does, we are already thinking through the model,” she said at an event hosted by the Center for Strategic and International Studies. “We’re in a state now where a critical infrastructure is much more vulnerable than it should be. And frankly, that’s what I worry about most every day.” […]

The post CISA starts identifying targets most necessary to protect from hacking appeared first on CyberScoop.

National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim

National Cyber Director Chris Inglis is fleshing out what, exactly, his new office plans to do with itself. With a “strategic intent statement,” a personnel move, a pair of interviews and a newspaper op-ed, Inglis and his office on Thursday provided their most concrete objectives to date for a White House post that sprung into existence in January, and that Inglis won confirmation for in June. He joined a crowded field of feds focused on cyber, from other offices within the White House to departments and agencies like the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency and the National Security Agency. Inglis said Thursday that it’s natural, when looking at the disparate organizations in the federal government with cybersecurity responsibilities, to wonder who’s in charge. But he said there were “more appropriate” questions. “How do we bring coherence, how do we drive public-private collaboration, how do we have […]

The post National Cyber Director Chris Inglis, new cyber kid on the federal block, begins to stake a claim appeared first on CyberScoop.

Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles

Federal Chief Information Security Officer Chris DeRusha, who has played an integral part in responding to the SolarWinds hack, is getting a second gig as deputy national cyber director for federal cybersecurity. National Cyber Director Chris Inglis hailed DeRusha’s appointment on Twitter Thursday. “Personally announcing Federal CISO Chris DeRusha as the new Deputy National Cyber Director for Federal Cybersecurity,” Inglis tweeted. “We are excited to see how Chris’s dual designation as Federal CISO at @OMBPress will improve federal coherence in the cyber domain.” DeRusha steps into his additional role at a time when questions persist on Capitol Hill about the breakdown of cyber roles within the federal bureaucracy. The national cyber director’s office is the newest addition to that bureaucracy, established only this year. The office is coming into being as the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency is increasingly focused on incident response and information sharing in […]

The post Federal CISO Chris DeRusha appointed deputy national cyber director, will serve both roles appeared first on CyberScoop.

‘Cyber event’ knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak

A “cyber event” knocked plants and distribution centers offline at Schreiber Foods, a multibillion-dollar dairy company, a spokesperson told CyberScoop Wednesday. The incident began affecting operations Friday evening, according to Schreiber Foods’ Andrew Tobisch. “We began the process of bringing our plants and distribution centers back up late Monday,” he said. Tobisch would not answer whether the “cyber event” was a ransomware attack, as one news outlet reported. Nonetheless, it marks the latest incident afflicting the food and agriculture sector, a trend that has drawn attention from U.S. national security agencies in recent months. The May ransomware attack on meat supplier JBS, in which the firm paid an $11 million extortion fee, was the most prominent, followed by attacks on two grain cooperatives. Attackers hit Iowa-based New Cooperative in September, demanding $5.9 million, and Crystal Valley Cooperative, a Minnesota agriculture supplier. That series of events triggered an FBI private industry notice, […]

The post ‘Cyber event’ knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak appeared first on CyberScoop.

CISA selects Kim Wyman, GOP official who criticized false election fraud claims, as election security leader

The Cybersecurity and Infrastructure Security Agency named a Republican secretary of state who has challenged GOP attempts to overturn the 2020 presidential race as its top election security official on Tuesday. Kim Wyman, Washington’s secretary of state since 2013, will take the job of senior election security lead at CISA, the Department of Homeland Security’s primary cybersecurity arm. “Her decades of experience, unparalleled expertise, and unimpeachable integrity have earned her bipartisan respect at every level of government,” said CISA Director Jen Easterly. “Free and fair elections are a cornerstone of our democracy; Kim and I share a common view that ensuring the security of our elections must be a non-partisan effort.” CNN first reported that the White House was expected to name Wyman on Monday. CISA hopes her state experience will bolster relationships with election administrators across the U.S., although Republicans who have pushed for ballot reviews in states such […]

The post CISA selects Kim Wyman, GOP official who criticized false election fraud claims, as election security leader appeared first on CyberScoop.
