Hackers mined $90,000 worth of Monero with a simple Docker Hub trick

A series of malicious cryptojacking files that were stored on Docker Hub, a code repository site, have been downloaded more than 5 million times over the last year, helping a hacker infect countless computers that were used to mine about $90,000 worth of Monero, according to research from cybersecurity company Kromtech. Monero is a popular cryptocurrency that’s become known for its usage among cyber criminals. In a blog post published Tuesday, Kromtech discussed how the boobytrapped files had remained on Docker Hub for so long despite being noticed and reported multiple times. Docker Hub is a repository site for containerized applications. Kromtech describes these containers as a “way of packaging software.” They are also referred to as images, container images or Docker images. “You can think of running a container like running a virtual machine, without the overhead of spinning up an entire operating system,” Kromtech explains. Kromtech lists tweets and […]

The post Hackers mined $90,000 worth of Monero with a simple Docker Hub trick appeared first on Cyberscoop.

Government throws $45M at protecting U.S. dams from hackers

The U.S. Bureau of Reclamation (USBR) has awarded two companies a $45 million contract to protect dams across the country from cyberattacks. Booz Allen Hamilton and Spry Methods, both based in McLean, Va., received the spots on the contract last week. NextGov first reported the award. The USBR, part of the Department of the Interior, manages the U.S.’s water-related resources, such as dams, power plants and canals. The two vendors were awarded a contract for indefinite delivery and indefinite quantity of services for five years, helping the office manage the security of 600 dams that the bureau built and oversees across 17 states. The contract covers Continuous Diagnostics and Mitigation for the bureau. CDM is a Department of Homeland Security program that monitors and protects federal networks. BAH and Spry will also ensure the bureau complies with the Federal Information Security Management Act, manage the dams’ industrial control systems and oversee overall network security […]

The post Government throws $45M at protecting U.S. dams from hackers appeared first on Cyberscoop.

Claroty raises $60 million to protect industrial networks from ‘perfect storm’ of cyberthreats

Claroty, an industrial control systems cybersecurity company, announced on Monday that it raised $60 million in Series B funding from a diverse group of investors, including venture firms, ICS vendors and industrial asset owners and operators. The funding brings the company’s total investment to date to $93 million. The funding round was led by Tekfen, a Turkish industrial holding company. Notably, three different ICS vendors came together to participate in the round in some way. Aster Capital (an investment company born out of Schneider Electric), Next47 (a venture firm backed by Siemens) and Rockwell Automation pitched in, along with Envision Ventures and Claroty’s original investors. Patrick McBride, Claroty’s chief marketing officer, said in an interview that the coming together of these investors is a “ringing endorsement” of Claroty’s offerings. “Getting Siemens and Rockwell and Schneider to do anything together? These guys beat each other up in the marketplace every day, but they […]

The post Claroty raises $60 million to protect industrial networks from ‘perfect storm’ of cyberthreats appeared first on Cyberscoop.

Capgemini to buy cybersecurity arm of Leidos

The cybersecurity division of Leidos is being sold to Capgemini, a French multinational business consultancy, the companies announced on Thursday. Capgemini says it hopes the acquisition will reinforce its presence in North America and help “meet growing customer demand for its portfolio of cybersecurity services and solutions across the region.” In a statement, Capgemini CEO Paul Hermelin called Leidos Cyber a “pioneer” in cybersecurity that “defined the market in protecting the industrial control ecosystem for the mission critical infrastructure needs of global enterprises.” Reston, Va.-based Leidos provides IT, engineering, science and defense contracting services and is one of the top U.S. federal contractors. However, its cybersecurity arm is commercially focused. Leidos Cyber employs about 500 cybersecurity professionals spread out across North America, according to the press release. Capgemini has a wide array of focus areas in its service offering and is one of the largest IT consulting companies in Europe, with […]

The post Capgemini to buy cybersecurity arm of Leidos appeared first on Cyberscoop.

CrowdStrike announces $1 million warranty for breaches that happen under its watch

CrowdStrike is affording customers of its flagship cybersecurity service a free warranty to at least partially cover the cost of a breach should one occur on a system it’s protecting. CrowdStrike announced the warranty on Tuesday, claiming that it is the first of its kind to be offered in the endpoint security breach prevention space. “Other industries have long offered product warranties to assure customers that the products they purchase will function as advertised. This has not been the case in cybersecurity, where customers generally have little recourse when security products fail to protect them,” the company said. Historically, even if an organization employs a reputable cybersecurity product to protect its systems, it generally has to bear the cost if it suffers a breach. CrowdStrike’s new warranty covers the company’s Falcon Endpoint Protection Complete customers for up to $1 million if a breach happens in the environment it was hired to […]

The post CrowdStrike announces $1 million warranty for breaches that happen under its watch appeared first on Cyberscoop.

Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries

Malware used by the United States in offensive cyber-operations plays “nice” when compared to other nation-state malware, according to FireEye CEO Kevin Mandia. Speaking at the Cyber Threat Intelligence Forum produced by Scoop News Group on Thursday, Mandia said when FireEye analyzes malware from state-backed hackers, the company usually finds elements of public policy baked into operations. Certain tells in the malware’s behavior or the code itself can be indicative of which state is behind it. “We find malware that sometimes has a time to live and then it doesn’t run anymore. I wonder who would do that,” Mandia said on stage. “Probably [the U.S.] because we’re the nicest hackers in cyberspace, besides maybe China.” The U.S. and China are more disciplined in their operations than adversaries like North Korea and Russia, who are instead unrestrained, he said. “We see guardrails on malware from nations like the United States, but do […]

The post Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries appeared first on Cyberscoop.

Vulnerability remediation startup Vulcan Cyber launches with $4 million in seed funding

Vulcan Cyber, an Israeli vulnerability remediation startup, launched on Wednesday with $4 million in seed funding in hand. The funding primarily comes from cybersecurity investing company YL Ventures, with participation from a few other investors. The problem the Tel Aviv-based company wants to solve is that, as organizations expand their IT infrastructures, so does their attack surface. But that doesn’t mean their visibility into new vulnerabilities increases in kind. “This speed of change coupled with the ever-expanding number of vulnerabilities in today’s enterprise software stack and hackers who are constantly probing for this ‘low hanging fruit,’ creates a reality of incessant and unrelenting risk,” the company said in its announcement. Vulcan’s main offering is its Continuous Vulnerability Remediation platform. The product uses “dozens of scanning tools” to aggregate data from a customer’s network and analyzes it to identify vulnerabilities. It then “prioritizes, plans, orchestrates and validates remediation.” The platform works […]

The post Vulnerability remediation startup Vulcan Cyber launches with $4 million in seed funding appeared first on Cyberscoop.

Chinese researchers warn blockchain company EOS about ‘epic’ vulnerability in soon-to-launch platform

The developers of one of the top-traded cryptocurrencies, EOS, say they’ve patched a critical vulnerability that reportedly could have compromised EOS’s entire forthcoming platform. Chinese security company Qihoo 360 said in a Tuesday blog post that its researchers discovered an “epic” vulnerability in the EOS platform that could allow someone to manipulate all transactions. In a technical write-up, security researchers with Qihoo 360 explained that a hacker would have been able to upload a smart contract with malicious code onto the EOS mainnet and take over a node. Smart contracts are a feature of blockchain and cryptocurrencies that allow for transactions without middlemen. Once the malicious code takes control of a relevant server, an “attacker could then pack the malicious contract into new block (sic) and further control all nodes of the EOS network.” Qihoo 360 warns that because of the distributed nature of blockchain technology, compromising one node can put the […]

The post Chinese researchers warn blockchain company EOS about ‘epic’ vulnerability in soon-to-launch platform appeared first on Cyberscoop.

Lawsuit pushes Georgia to dump paperless voting machines by November

The voting machines used in the latest Georgia primary are the subject of a lawsuit that calls for the state to stop using them out of fear that they can be hacked. A group of election reform advocates is seeking an injunction that would force the state to abandon its paperless direct-recording electronic (DRE) voting machines before November. For Georgia, that would mean all of the machines, since it’s one of five states that exclusively use DREs. Experts have argued that DRE machines are susceptible to hacking because of their lack of an accompanying paper record. Plaintiffs contend that Georgia voters’ constitutional right to properly counted votes is in jeopardy due to the inherent flaws in DRE machines. Instead of relying on the machines in November, the suit reasons that voters could simply use paper ballots, then count the votes using optical scanners the state currently uses to count mail-in and provisional […]

The post Lawsuit pushes Georgia to dump paperless voting machines by November appeared first on Cyberscoop.

U.K. attorney general: Allies must collaborate on attribution of international cyberattacks

Britain’s top prosecutor says that countries need to work together to determine the identity of attackers behind cross-border cyberattacks. In a Wednesday speech at the Royal Institute of International Affairs, a British think tank, U.K. Attorney General Jeremy Wright made the case that the world needs to do more to make sure that international law is enforced when it comes to cybercrime. To that end, he argued that the U.K. and its allies should make attribution a priority. “Cyberspace is not – and must never be – a lawless world. It is the U.K.’s view that when states and individuals engage in hostile cyber-operations, they are governed by law just like activities in any other domain,” Wright said. “The question is not whether or not international law applies, but rather how it applies and whether our current understanding is sufficient.” In his speech, Wright went at length to legally justify […]

The post U.K. attorney general: Allies must collaborate on attribution of international cyberattacks appeared first on Cyberscoop.
