Author Archives: Zaid Shoorbajee

Russian hackers targeted internet routers worldwide in apparent spy campaign, say U.S. and U.K.

Posted on by

Hackers backed by the Russian government carried out a coordinated campaign against internet traffic routers used in small offices and residences worldwide, cybersecurity officials from the U.S. and U.K. said Monday. The hackers targeted network infrastructure in the public and private sectors with the potential goals of espionage and the theft of intellectual property, the officials from the White House, Department of Homeland Security, FBI and Britain’s National Cyber Security Centre (NCSC) told reporters. It’s the first time U.S. and British governments have issued such a joint alert. A technical report on the hacking campaign will be issued Monday afternoon. The announcement comes as Western countries continue to sound the alarm about Russian cyber-aggression. The U.S. sanctioned several Russian oligarchs earlier this month in part because of that country’s malicious actions in cyberspace. The alert was pre-planned and the U.S. and U.K. have been coordinating its release for a long time, the […]

The post Russian hackers targeted internet routers worldwide in apparent spy campaign, say U.S. and U.K. appeared first on Cyberscoop.

Continue reading Russian hackers targeted internet routers worldwide in apparent spy campaign, say U.S. and U.K.

Respiratory device maker Inogen says breach exposed customer data

Posted on by

A company that makes respiratory care equipment disclosed on Friday that it experienced a data breach that gave hackers access to customer information. Inogen, which produces and sells portable devices to people with chronic respiratory issues, said in a Securities and Exchange Commission filing that “unknown persons” from outside the company obtained unauthorized access to employee emails. Inogen said the breach occurred some time between Jan. 2 and March 14 this year, but did not say when it was discovered. The company believes some of those emails possibly had sensitive information relating to Inogen’s rental customers. The filing does not say how the unauthorized access occurred. Inogen says it has notified 30,000 current and former customers, granting them credit monitoring and an insurance reimbursement policy. The customer data includes private information such as contact information, dates of birth, dates of death, Medicare identification number, insurance policy information and the type of […]

The post Respiratory device maker Inogen says breach exposed customer data appeared first on Cyberscoop.

Continue reading Respiratory device maker Inogen says breach exposed customer data

Pennsylvania moves to replace all paperless voting machines by 2020

Posted on by

Pennsylvania says it will replace all voting machines that do not produce a paper record for each vote by 2020. Acting Pennsylvania Secretary of State Robert Torres instructed all counties on Thursday to put machines in place that have a voter-verified paper audit trail (VVPAT) by the end of 2019, and “preferably in place by the November 2019 general election,” according to a press release. “We want to bring about the system upgrades so Pennsylvania voters are voting on the most secure and auditable equipment as promptly and feasibly as possible, while also being supportive of the counties’ need to plan and budget for the new systems,” Torres said in a statement. Having a VVPAT means that even if a voter makes selections on an electronic ballot, they will be able to confirm their choices on a paper ballot that can be used in an audit. Election security experts have advocated […]

The post Pennsylvania moves to replace all paperless voting machines by 2020 appeared first on Cyberscoop.

Continue reading Pennsylvania moves to replace all paperless voting machines by 2020

GCHQ head says U.K. engaged in cyberwarfare against ISIS

Posted on by

The director of GCHQ revealed in a speech on Thursday that Britain’s top signals intelligence agency had conducted a proactive cyber campaign against ISIS, touting the notion of using hacking tools to counter violent extremism. Speaking at the CYBERUK conference in Manchester, England, GCHQ Director Jeremy Fleming said that the agency worked with the U.K. Ministry of Defense to develop and deploy the country’s cyber weapons. “Much of this is too sensitive to talk about, but I can tell you that GCHQ, in partnership with the Ministry of Defense, has conducted a major offensive cyber-campaign against Daesh,” Fleming said, using the terror group’s Arabic acronym. Fleming said the attack was the first time the U.K. “systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign.” “They [ISIS] understand the value of strategic communications, the power of social media, of messaging apps to radicalize and scare,” […]

The post GCHQ head says U.K. engaged in cyberwarfare against ISIS appeared first on Cyberscoop.

Continue reading GCHQ head says U.K. engaged in cyberwarfare against ISIS

Former HHS CISO to join voting technology vendor as security lead

Posted on by

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced on Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt. Wlaschin departed as CISO of HHS last month, which he has said was due to family medical issues. Surrounding his departure, however, was controversy over an investigation of […]

The post Former HHS CISO to join voting technology vendor as security lead appeared first on Cyberscoop.

Continue reading Former HHS CISO to join voting technology vendor as security lead

Cybersecurity startup empow raises $10 million in Series B funding round

Posted on by

Cybersecurity startup empow on Thursday announced that it’s getting $10 million in its Series B venture funding round. The company, which has offices in Boston and Tel Aviv, Israel, provides a security information and event management (SIEM) platform, meaning it monitors data from across an organization’s network infrastructure in search of threats. The company says its platform is unique in that it determines the intent of a attack using artificial intelligence and machine learning. empow says its unique in that it leverages its customers’ existing security infrastructure to respond to that threat. The company says that helps organizations do more with what they have, increasing their return on investment. Along with the funding announcement, empow is bringing on Peter George, who has in the past been the CEO of Crossbeam Systems and Fidelis Security Systems, as its new CEO. George told CyberScoop that he sees empow as next generation SIEM […]

The post Cybersecurity startup empow raises $10 million in Series B funding round appeared first on Cyberscoop.

Continue reading Cybersecurity startup empow raises $10 million in Series B funding round

Ransomware, phishing and pretexting are on the rise: Verizon

Posted on by

Ransomware and social attacks have been the big stars in the past year when it comes to cybersecurity, according to the latest edition of Verizon’s popular yearly report. Drawing from datasets aggregated from 67 other organizations, including 53,308 security incidents and 2,216 data breaches, Verizon’s 2018 Data Breach Investigations Report shows that ransomware was the most common type of malware reported. Based on 1,379 malware incidents, 56 percent involved ransomware. Verizon notes that it first mentioned ransomware in its 2013 report and predicted that it would flourish because of how effective it is for cybercriminals. “Now we have seen this style of malware overtake all others to be the most prevalent variety of malicious code for this year’s dataset. Ransomware is an interesting phenomenon that, when viewed through the mind of an attacker, makes perfect sense,” the report says. Ransomware is seen as so effective, Verizon says, because it can be attempted with little risk to […]

The post Ransomware, phishing and pretexting are on the rise: Verizon appeared first on Cyberscoop.

Continue reading Ransomware, phishing and pretexting are on the rise: Verizon

Carbon Black files for IPO

Posted on by

Cybersecurity company Carbon Black has filed for its initial public offering, the company announced on Monday. While Carbon Black said in a press release that the number of shares and the price range offered hasn’t been determined, its filing with the Securities and Exchange Commission says it hopes to raise $100 million. The company applied to list its stock on the Nasdaq stock index under the symbol “CBLK.” The company names J.P. Morgan and Morgan Stanley as underwriters assisting it in the IPO. Based near Boston, Carbon Black provides anti-virus and endpoint security services to protect customers from cyberthreats. The company says that it has created categories in endpoint security, such as application control, endpoint detection and response (EDR) and next-generation antivirus (NGAV). In its filing, Carbon Black reports $162 million in revenue in 2017, up from $116.2 million in 2016 and $70.6 million in 2015. The company says it serves 3,700 customers globally, including 30 of the Fortune 100. […]

The post Carbon Black files for IPO appeared first on Cyberscoop.

Continue reading Carbon Black files for IPO

Air gapping voting machines isn’t enough, says one election security expert

Posted on by

The safeguards that election officials say protect voting machines from being hacked are not as effective as advertised, a leading election security expert says. U.S. elections, including national ones, are run by state and local offices. While that decentralization could serve an argument that elections are difficult to hack, University of Michigan Professor J. Alex Halderman says that it’s more like a double-edged sword. Speaking to an audience of students and faculty at the University of Maryland’s engineering school, Halderman said that the U.S. is unique in how elections are localized. States and counties choose the technology used to run federal elections. “Each state state running its own independent election system in many cases does provide a kind of defense. And that defense is that there is no single point nationally that you can try to attack or hack into in order to change the national results,” Halderman said. But […]

The post Air gapping voting machines isn’t enough, says one election security expert appeared first on Cyberscoop.

Continue reading Air gapping voting machines isn’t enough, says one election security expert

Report: hospitals are flooded with vulnerable IoT devices

Posted on by

Increasingly well-connected hospitals and doctors’ offices bring vast security challenges. A new report released Thursday shows that providers are struggling to keep up against hackers, according to cybersecurity company Trend Micro. “As hospitals and other healthcare facilities adopt new technology, add new devices, and embrace new partnerships, patients get better and more efficient services — but the digital attack surface expands as well,” the report states. Titled “Challenges in Securing Connected Hospitals“, Trend Micro presented findings in the report about how exposed internet-connected tools used by most healthcare organizations can be easily leveraged by hackers for remote attacks. The research shows that a “surprisingly high number” of internet-connected medical systems can be found through Shodan, a popular  internet-of-things search engine. Researchers were able to discover numerous exposed medical protocols, databases, industrial controllers and other healthcare systems. “While a device or system being exposed does not necessarily mean that it is vulnerable, exposed […]

The post Report: hospitals are flooded with vulnerable IoT devices appeared first on Cyberscoop.

Continue reading Report: hospitals are flooded with vulnerable IoT devices