Home security technician pleads guilty to spying on women, couples

A former ADT home security technician pleaded guilty on Thursday to logging into customers’ video feeds to watch naked women and couples having sex. Telesfloro Aviles faces up to five years in prison. Aviles’ Dallas-area snooping stretched over nearly five years and involved him accessing approximately 200 customer accounts more than 9,600 times, he admitted. “This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said the acting U.S. Attorney for the Northern District of Texas, Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust.” ADT still faces civil suits over an incident it first disclosed in April, 2020. Aviles would gain improper access by claiming he needed to temporarily add himself to customers’ “ADT Pulse” accounts to conduct system tests. Other times he would add himself without permission, according to federal prosecutors. ADT says it fired Aviles after discovering […]

The post Home security technician pleads guilty to spying on women, couples appeared first on CyberScoop.


Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig

Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, will take the position of senior director for cyber in the Biden White House. Sulmeyer’s selection came with no formal announcement. Instead, the transition website posted his position Monday evening. Sulmeyer is a cybersecurity veteran with broad experience, one of many to join the Biden administration. He’s also one of several whose tenures have included roles in the Trump administration. Beyond serving under Nakasone, he also served in the Obama administration at the Defense Department, where he was director for plans and operations for cyber policy. Between roles in the Trump and Obama administrations, he was director of the Belfer Center’s Cyber Security Project at the Harvard Kennedy School. He also wrote extensively for Lawfare on subjects like election security, federal cybersecurity strategy and DOD-related cybersecurity issues. In the past, the National Security […]


CISA tells agencies to consider ad blockers to fend off ‘malvertising’

The U.S. Cybersecurity and Infrastructure Security Agency urged federal agencies on Thursday to deploy ad-blocking software and standardize web browser usage across their workforces in order to fend off advertisements implanted with malware. “With many agencies greatly expanding telework options, agencies should increase attention on securing federal endpoints, including associated web browsing capabilities,” the Department of Homeland Security’s cyber arm said in a guide for agencies. With the alert, CISA joins the National Security Agency, which in 2018 likewise urged agencies to adopt ad blockers in response to the threat from “malvertising” that can spread malware. However, CISA cautioned that ad blockers aren’t a cure-all for the issue of malicious advertising, which in recent months has plagued TikTok and a slew of industries during the coronavirus. “Some browser extensions are known to accept payment from advertisers to ensure their ads are allowlisted from blocking,” the agency said, citing concerns that […]


Iranian venture firm investing in cyber tech is subject of US sanctions

The U.S. sanctioned an Iranian venture capital firm on Wednesday that the Treasury Department said invests in cyberspace and information technology. Treasury’s Office of Foreign Assets Control identified the firm, Barkat Ventures, as an arm of an organization that the supreme leader of Iran controls called EIKO, short for Execution of Imam Khomeini’s Order. The sanctions also targeted a second Komeini-controlled organization, Astan Quds Razavi. “These institutions enable Iran’s elite to sustain a corrupt system of ownership over large parts of Iran’s economy,” said Secretary Steven Mnuchin. “The United States will continue to target those who enrich themselves while claiming to help the Iranian people.” Barkat Ventures has a small profile outside Iran. An apparent company website cites its desire to invest in technologies such as the internet of things, electronic health, cryptocurrency and software as a service. Its overall goal is to reduce barriers for entrepreneurs in “knowledge-based” businesses, […]


US government sanctions more Ukrainians tied to Biden family smear

The U.S. Treasury Department on Monday leveled sanctions at another batch of current and former Ukrainian government officials it says are affiliated with a 2020 election influence campaign. Treasury said all four men have publicly associated themselves with Andrii Derkach, a previously sanctioned Ukrainian parliament member and suspected Russian agent who has met with President Donald Trump’s personal attorney Rudy Giuliani as part of his bid to spread misinformation about the Biden family. Of the four, Konstantin Kulyk, Oleksandr Onyshchenko and Andriy Telizhenko are former Ukrainian government officials, while Oleksandr Dubinsky currently sits in parliament. Treasury says they are part of Derkach’s inner circle and have coordinated to spread fraudulent, unproven claims. In total, Treasury’s Office of Foreign Assets Control imposed sanctions on Monday on seven individuals and four “media front companies” associated with the disinformation campaign. The other three men are also Derkach supporters, Treasury said. In a sign […]


Kaspersky discovers overlap between SolarWinds hack, Turla

Security researchers on Monday linked the SolarWinds breach to a different set of suspected Russian hacking tools, finding commonalities between that attack and the methods of the Turla group. Moscow-based Kaspersky said the source code for Sunburst, one of the nicknames for the malware that attackers used in the SolarWinds hack, overlapped with the Kazuar backdoor that Turla has deployed in the past. The Turla group is known for stalking embassies and ministries of foreign affairs in Europe and elsewhere for sensitive data. Sources have told reporters that the Russian hacking group APT29, or Cozy Bear, is responsible for the SolarWinds attack. Cozy Bear is most often linked to the SVR, the Russian foreign intelligence service. Turla, by contrast, is usually affiliated with another Russian intelligence service, the FSB. U.S. government investigators have only said the attack is “likely Russian in origin.” Cyber threat intelligence firms have been cautious about […]


Biden transition fills some top cybersecurity personnel spots

The incoming Biden administration has spent the week heralding some of its cybersecurity-related personnel decisions, even as a couple key jobs remain a question mark. The Biden transition on Friday announced a slew of National Security Council picks. Among them is Caitlin Durkovich to serve as senior director for resilience and response, reflecting a similar role she once held at a Department of Homeland Security division that Congress later renamed and reorganized as the Cybersecurity and Infrastructure Security Agency. Andrea Kendall-Taylor will take the job of senior director for Russia and Central Asia, areas she worked on during a prior government stint in the intelligence community. “This outstanding team of dedicated public servants will be ready to hit the ground running on day one to address the transnational challenges facing the American people — from climate to cyber,” said Vice President-elect Kamala Harris. “They reflect the very best of our […]


Federal courts are latest apparent victim of SolarWinds hack

The federal judiciary’s electronic case management and filing system suffered “an apparent compromise” as part of the SolarWinds breach, according to the Administrative Office of the U.S. Courts. The office is still assessing the impact, but a representative says the organization has stepped up security precautions in the meantime. “The federal Judiciary’s foremost concern must be the integrity of and public trust in the operation and administration of its courts,” James Duff, secretary of the judiciary’s national policy-making body — the Judicial Conference of the United States — said in a Wednesday communication to the courts. Federal courts are a potential goldmine for hackers, as they harbor sensitive data on millions of people. Government investigators have said Russia is likely behind a cyber-espionage campaign that hit federal agencies and major companies via updates to the SolarWinds Orion software. The Administrative Office of the U.S. Courts said it was working on […]


Nissan investigating possible source code exposure

Nissan is examining whether source code for its North American division’s mobile apps, marketing tools and more has leaked online, the company said. “We are aware of a claim regarding a reported improper disclosure of Nissan’s confidential information and source code,” said a Nissan spokesperson. “We take this type of matter seriously and are conducting an investigation.” Tillie Kottmann, a software engineer, publicized the apparently leaked information earlier this week on Twitter and Telegram. They told CyberScoop the information came via a “severely mismanaged” server that had the username and password of “admin:admin.” “I was informed about the server by an anonymous source but acquired it myself and can thus mostly verify it,” Kottmann said via a Twitter direct message exchange. Kottmann said they also heard some ex-Nissan employees recognized projects there. Poorly configured servers are a common source of online data leaks, in recent months afflicting Razer, medical scans, […]


Microsoft says SolarWinds hackers accessed company source code

Microsoft said Thursday that the SolarWinds hackers were able to access company source code, although the technology giant described the incident as largely harmless in an update to an internal investigation. “We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said in a blog post. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.” The initial reports that Microsoft suffered a breach via updates to the SolarWinds Orion software generated some partial denials, but the investigation update helps illuminate what happened, and what didn’t, in an apparent cyber-espionage operation that also hit the federal government and other major companies. Microsoft “found no evidence of access to production […]
