Zaid Shoorbajee – Page 10 – WindowsTechs.com

Proofpoint: One month out from deadline, half of agency domains are DMARC compliant

Posted on September 17, 2018 by Zaid Shoorbajee

With a month left on a deadline for federal government domains to implement a key email security policy, cybersecurity company Proofpoint says agencies have made significant progress, but is doubtful that each one will actually make it in time. The Department of Homeland Security issued a binding operational directive (BOD) last year ordering all agencies to have the highest level of DMARC (Domain-based Message Authentication, Reporting and Conformance) within a year. DMARC protects domains from being spoofed via email. Without it, malicious actors can send messages that appear to be, for example, a .gov website. As part of the directive, agencies are required to have a DMARC policy of “reject” — the highest of three levels — by Oct. 16. In a report published Monday, Proofpoint notes 51.9 percent of agency domains are compliant at this point. However, that’s roughly the same assessment Agari, an email security company, put out […]

The post Proofpoint: One month out from deadline, half of agency domains are DMARC compliant appeared first on Cyberscoop.

Continue reading Proofpoint: One month out from deadline, half of agency domains are DMARC compliant→

SCYTHE raises $3 million for attack simulation platform

Posted on September 17, 2018 by Zaid Shoorbajee

SCYTHE, an Arlington, Va., based cybersecurity company, announced on Monday that it raised $3 million in seed funding for its automated red-teaming platform. The company flagship platform allows customers to simulate attack campaigns against their own networks in order to assess their defensive posture. SCYTHE says that its product uses a catalog of threats to “automatically deploy a combination of threat actor communications and end-point capabilities on the production environment.” Enterprises can customize their own adversarial campaigns then get reports on how well their systems stood up to the threat. Heading SCYTHE is Bryson Bort, a former U.S. Army officer who has worked in various cybersecurity strategy and research and development at multiple outfits. Bryson is the co-founder of ICS Village, a nonprofit that educates the public about risks to industrial control systems through live simulations. He also founded and is the chairman of GRIMM, a cybersecurity consultancy. “We’re constantly adding […]

The post SCYTHE raises $3 million for attack simulation platform appeared first on Cyberscoop.

Continue reading SCYTHE raises $3 million for attack simulation platform→

Bomgar to acquire fellow access management company BeyondTrust

Posted on September 13, 2018 by Zaid Shoorbajee

Two companies that provide enterprises with privileged access management (PAM) services are coming together in an acquisition announced Thursday. Atlanta-based Bomgar is acquiring Phoenix-based BeyondTrust in a deal expected to close in October, the terms of which the companies did not disclose. Bomgar’s PAM service helps businesses manage the security of their credentials and systems, as well as secure remote access sessions. The company boasts 16,000 customers ranging from midsize to Fortune 100 companies. BeyondTrust has about 4,000 customers. “Both organizations bring talented employees who are passionate about protecting organizations from attacks related to privileged access,” said Bomgar CEO Matt Dricks in a press release. “The greater scale and resources of the combined company will allow us to accelerate innovation and deliver technology that protects our customers from constantly evolving threats.” BeyondTrust, based in Phoenix, provides a platform with similar services to Bomgar’s, including access management tools to help businesses secure […]

The post Bomgar to acquire fellow access management company BeyondTrust appeared first on Cyberscoop.

Continue reading Bomgar to acquire fellow access management company BeyondTrust→

DHS supply chain and CDM bills pass the House

Posted on September 5, 2018 by Zaid Shoorbajee

The House passed two bills Tuesday that aim to bolster the Department of Homeland Security’s cybersecurity efforts as they relate to securing the agency’s own vendor supply chain as well as securing other federal agencies’ networks. Both bills now head to the Senate. One of them, the Securing the Homeland Security Supply Chain Act of 2018, would give the secretary of Homeland Security authority to block IT vendors deemed to pose a supply chain risk from contracting with the agency. “There is no question that nation-states and criminal actors are constantly trying to exploit U.S. government and private sector systems to steal information or insert potentially harmful hardware or software,” said the bill’s sponsor, Rep. Peter King, R-N.Y., on the House floor before a voice vote. King cited recent and ongoing U.S. government scrutiny of Russian cybersecurity company Kaspersky Lab and Chinese telecommunications companies Huawei and ZTE as justification for […]

The post DHS supply chain and CDM bills pass the House appeared first on Cyberscoop.

Continue reading DHS supply chain and CDM bills pass the House→

Very Good Security raises $8.5 million to handle companies’ sensitive data

Posted on August 28, 2018 by Zaid Shoorbajee

Companies today have to navigate a security and compliance maze to make sure that they’re storing customer data safely and not running afoul of any regulations. San Francisco startup Very Good Security (VGS) is trying to fix that problem by handling the data on behalf of businesses. VGS announced Tuesday that it raised $8.5 million in Series A funding. VGS collects its clients’ sensitive customer data — such as payment information or Social Security Numbers — and stores it in its own “vaults.” Whenever the data is required by customer application, VGS identifies it and switches it for “surrogate values” that have the same functionality. “Because VGS maintains multiple compliances and isolates customers from sensitive data, it enables businesses to quickly achieve regulatory compliance,” the company says. VGS says its solution gives companies piece of mind because it takes on the liability of maintaining secure storage systems — companies won’t […]

The post Very Good Security raises $8.5 million to handle companies’ sensitive data appeared first on Cyberscoop.

Continue reading Very Good Security raises $8.5 million to handle companies’ sensitive data→

ICS cybersecurity company Indegy raises $18 million

Posted on August 28, 2018 by Zaid Shoorbajee

Indegy, a industrial-controls cybersecurity company, announced Tuesday that it raised $18 million in Series B investment funding. The company, based in New York with offices in Tel Aviv, Israel, provides threat detection and mitigation services for customers that operate industrial control systems (ICS). Indegy boasts that its Cyber Security Suite has more than 200 deployments worldwide, protecting customers in the manufacturing, pharmaceutical, energy, water and other industrial sectors. CEO Barak Perelman says that heightened concerns about cyberthreats to critical infrastructure have been a driver for business. “Recent reports by the [Department of Homeland Security]and FBI regarding attacks against critical infrastructures have created a greater sense of urgency among industrial organizations to shore up their defenses, and produced a major spike in new business for Indegy,” Perelman said in a press release. “This capital infusion provides the financial resources required to scale up the company and capitalize on this market opportunity.” A […]

The post ICS cybersecurity company Indegy raises $18 million appeared first on Cyberscoop.

Continue reading ICS cybersecurity company Indegy raises $18 million→

Do we need a ‘cyber 911?’ A former FBI cyber agent thinks so.

Posted on August 22, 2018 by Zaid Shoorbajee

Most Americans probably know how to get in touch with the police in cases where they’re physically threatened or hurt. However, reacting to a cybersecurity emergency isn’t so easy for the average person, says Andre McGregor, a former FBI cyber special agent. In a keynote at FedTalks in Washington, D.C. on Tuesday, McGregor argued that while the government has gotten better over the years at thwarting hackers, things are fuzzy from a constituent perspective. McGregor was the FBI case agent when Iranian hackers were allegedly attempting to hack the Bowman Avenue Dam in New York in 2013. He said the incident was “pivotal” in that it saw coordination among the FBI, other agencies, private sector vendors and utilities to aid in the investigation. But Mcgregor argued that the same story can’t be told for most breaches and cyberattacks. “You’ve got to think that if someone broke into my house, someone […]

The post Do we need a ‘cyber 911?’ A former FBI cyber agent thinks so. appeared first on Cyberscoop.

Continue reading Do we need a ‘cyber 911?’ A former FBI cyber agent thinks so.→

Majority of election security grants going toward cybersecurity, equipment upgrades

Posted on August 21, 2018 by Zaid Shoorbajee

About a third of federal funding meant to improve election technology will be spent on cybersecurity-related improvements, while another third will be used to upgrade old equipment, according to plans released Tuesday by states and the U.S. Election Assistance Commission. In March, Congress appropriated $380 million for states to use for upgrades to election infrastructure, under the Help America Vote Act. It’s the first time the federal distributes HAVA funding since 2010. “The 380 [million] is something new in terms of additional funding, but it’s in that same realm of ensuring that our voting process remain secure and that vote of confidence remains high,” Tom Hicks, chairman of the EAC, told CyberScoop. While states have a lot of leeway in how to spend the money, Congress and the EAC emphasized the need for boosting election security, given heightened concern over foreign meddling. “I would say it’s a magnitudes more on […]

The post Majority of election security grants going toward cybersecurity, equipment upgrades appeared first on Cyberscoop.

Continue reading Majority of election security grants going toward cybersecurity, equipment upgrades→

Here are all of the election security offerings from private companies

Posted on August 20, 2018 by Zaid Shoorbajee

With time running out before the midterm elections in November, many of the state and local election offices charged with running the polls are scrambling to secure their systems and protect them from cyberthreats. Much of their efforts are supported or guided by the Department of Homeland Security. The agency is providing jurisdictions with cybersecurity assessments, live exercises, penetration testing and facilitating information sharing, among other things. States also have a collective $380 million fund from Congress that they can use for election security and other improvements. Meanwhile, a number of technology companies have taken notice of the election security issue and are offering assistance to election-related entities. Some of the offerings are free, while others are discounted. Some of companies, like DHS, focus on helping the state and local offices that run the country’s elections. Others are offering their services to political organizations, like campaigns and political action committees […]

The post Here are all of the election security offerings from private companies appeared first on Cyberscoop.

Continue reading Here are all of the election security offerings from private companies→

Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks

Posted on August 16, 2018 by Zaid Shoorbajee

A newly discovered malware campaign that currently conducts simple reconnaissance has the versatility to download additional capabilities onto a victim’s system, according to a report published Thursday by Proofpoint. Researchers say the malware, which is named “Marap” after a detail in its command and control (C&C) server, bears similarity to other campaigns associated with a threat actor known as TA505. Proofpoint says it has observed “millions of messages” in a malicious email campaign earlier this month. Emails tend to have various types of attachments, such as PDF files and Microsoft Word documents, laced with the Marap malware. Some of the phishing documents co-opt the name of a major U.S. bank in their fake communications, Proofpoint says. So far, the researchers say that the only functionality they’ve observed in Marap is to fingerprint systems it infects. The malware gathers basic information — usernames, domain names, IP addresses, country, anti-virus software detected […]

The post Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks appeared first on Cyberscoop.

Continue reading Report: Modular ‘Marap’ malware campaign sets the table for bigger hacks→