Election Assistance Commission loses another key staffer, Jerome Lovato

Another top official is exiting the staff of the Election Assistance Commission, the third in recent months for the small agency that plays an outsized role in U.S. election security. Jerome Lovato, the testing and certification director for voting system certification at the EAC, is leaving that position next month, two sources told CyberScoop. Last week, the commission began advertising the opening for the job he holds. His departure follows Josh Franklin leaving his job as EAC chief technology officer in December, and in November, Maurice Turner leaving as senior adviser to the executive director of the commission. The exits come at a sensitive time for the commission. The EAC this month voted to approve a long-awaited update to its widely used voluntary voting system guidelines, nicknamed VVSG 2.0, and a perhaps years-long implementation period will follow. Those guidelines emphasize the value of risk-limiting audits that help verify election results, […]

The post Election Assistance Commission loses another key staffer, Jerome Lovato appeared first on CyberScoop.

Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing demonstrated that the U.S. government, the private sector and digital incident responders are still wrestling with the ramifications of a suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amounts to espionage or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

US charges alleged North Korean hackers with trying to steal $1.3 billion in cybercrime spree

Prosecutors unsealed an indictment on Wednesday charging three North Korean computer programmers with a criminal conspiracy to steal and extort $1.3 billion from financial institutions and companies in both cryptocurrency and cash. The charges expand on the first case brought in 2018 against a North Korean regime-affiliated hacker tied to some of the nation’s most prominent alleged hacking campaigns, including the 2014 Sony attack, the 2016 Bangladesh bank heist and the 2017 WannaCry outbreak. In a second unsealed case on Wednesday, a Canadian-American citizen pleaded guilty to serving as a money launderer for numerous schemes, including a cyber bank heist that North Korean hackers orchestrated. “As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John Demers of the Justice Department’s National Security Division. The indictment […]

Tim Maurer takes front office DHS cybersecurity job advising Mayorkas

Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, is joining the Department of Homeland Security as a senior political appointee in the role of senior counselor for cybersecurity to Secretary Alejandro Mayorkas, two sources familiar with the move told CyberScoop. It’s a job title that a number of cybersecurity luminaries have held while passing through the department over the years, including the current acting director of DHS’s Cybersecurity and Infrastructure Security Agency, Brandon Wales, former CISA Director Chris Krebs and CISA’s former assistant secretary for cybersecurity, Jeanette Manfra. According to his Carnegie bio, Maurer “works on the geopolitical implications of the Internet and cybersecurity, with a focus on the global financial system, influence operations, and other areas of importance as actors exploit the gray space between war and peace.” He also was a senior fellow at Carnegie’s Technology and International Affairs program. He recently […]

Investigators suggest hackers exploited weak password security to breach Florida water facility

A clearer picture of poor security practices in Oldsmar, Florida prior to the dangerous hack of its water treatment plant is beginning to emerge, even as an investigation into the matter continues one week after the incident. Three federal agencies teamed up with an organization that shares threat information between states to issue an alert late Thursday explaining how the breach, in which a hacker allegedly tried to raise sodium hydroxide levels to amounts that are harmful to humans, might have unfolded. Initial clues suggest the incident, which was detected before it amounted to a threat to public drinking water, was made possible by lax data protection strategies and exploitation of a software tool. “The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system,” reads the alert from the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Environmental […]

Biden administration pauses Trump’s plans to ban WeChat, TikTok

President Joe Biden is giving a reprieve to Chinese apps that his predecessor’s administration had put on the defensive. On Thursday, the Commerce Department said in a court filing that it was reviewing the Trump administration’s bid to ban WeChat. It comes one day after a similar court filing in which Commerce said it was reviewing the proposed ban on TikTok, and after the Biden administration has reportedly “indefinitely” placed on hold the plans to force the sale of TikTok’s American division to Oracle and Walmart. In Thursday’s filing, the department asked the Ninth Circuit Court of Appeals to pause a court case challenging the WeChat ban, which the Trump administration sought to implement in response to what it deemed the national security threat the app posed. “As the Biden Administration has taken office, the Department of Commerce has begun a review of certain recently issued agency actions, including the Secretary’s […]

Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders

Food delivery apps have taken off during the pandemic, and it looks like fraudsters have taken notice. Fraud detection company Sift said Thursday it has seen a rash of scams within the chat app Telegram that target restaurants and delivery apps for theft. It’s a low-level grift that goes like this: The fraudsters advertise in Telegram forums that they can illicitly buy food orders at steep discounts, around 60%-75% off. Diners send a direct message with a screenshot of their food app shopping cart and delivery address. The diner then pays the fraudster for the discounted meal in cryptocurrency, and the fraudster in turn covers the full cost through a new account, stolen credit card information or a hacked account. Diners get their food at a discount, restaurants are stuck with bogus payments, and the crooks get away with a profit. And all of it happens in a chat […]

Federal election agency adopts updated voting security standards. Not everyone is happy.

The Election Assistance Commission on Wednesday voted to adopt the first comprehensive update to its voting system security guidelines in more than 15 years, concluding a lengthy process that ended with a mixed reception from some election security experts. The security community largely greeted the update as a security upgrade to standards that most states rely upon at least partially for their own equipment testing and certification. A significant number of academics, activists and even some in Congress, though, voiced displeasure in particular for how the so-called Voluntary Voting System Guidelines 2.0 would handle wireless connections on voting systems. The update stands to shape the next generation of voting systems that election vendors produce for use around the country during a period of sinking trust in the electoral process. Regardless, the more than five-year drafting process and resulting EAC vote won’t immediately transform election security because states, equipment manufacturers and […]

42% of Gmail scams targeted American users, Google finds

Who you are, where you are and how you experience online life are all major factors in whether you’re targeted for phishing and malware campaigns on Gmail, a joint Stanford University-Google study concluded. The examination of 1.2 billion email-based phishing and malware attacks against Gmail users found that the risk of getting hit correlated at least in some significant measure to age, country, frequency of Gmail usage and past breach exposure. Users in the U.S. were most likely to be targeted, attracting 42% of the attacks that researchers tracked. U.K. users were the subject of 10% of attacks, while people in Japan came in third, with 5%. Higher age groups also encountered higher odds of being targeted. For instance, the 55 to 64 age group was 1.64 times more likely to experience an attack compared to 18- to 24-year-olds. Google publicized the study Tuesday, saying it teamed with Stanford researchers […]