Zaid Shoorbajee – Page 23 – WindowsTechs.com

New Android malware steals user data, records audio and incurs phone charges

Posted on February 28, 2018 by Zaid Shoorbajee

A newly discovered family of mobile malware can siphon sensitive data from unsuspecting victims’ phones, record audio and trick users into incurring premium charges on their phone bills. Mobile security company Wandera said in its report about the malware, called RedDrop, that it is “one of the most sophisticated pieces of Android malware” it has seen in wide distribution. RedDrop is hidden in a set of third-party apps — generally downloaded outside of official Android channels — that appear to provide some functionality, like calculators, image editors or games. The malware has invasive capabilities that Wandera says can be used to ultimately blackmail victims. Spyware in RedDrop can collect data such as local files and photos, device information and nearby Wi-Fi networks. It can also record audio from the device’s surroundings. RedDrop sends all this data to cloud storage services belonging to the attackers “to be used in their extortion schemes and as the foundation to […]

The post New Android malware steals user data, records audio and incurs phone charges appeared first on Cyberscoop.

Continue reading New Android malware steals user data, records audio and incurs phone charges→

New EAC chairman will continue to focus on election security

Posted on February 26, 2018 by Zaid Shoorbajee

Thomas Hicks has been tapped to chair the Election Assistance Commission, an agency that is considered central to protecting the U.S. election infrastructure from cyberthreats, the commission announced on Friday. Reuters reported on Thursday that Republican House Speaker, Rep. Paul Ryan, decided not to recommend former chairman Matthew Masterson for a second term as one of the EAC’s four commissioners. Commissioners are recommended by congressional leadership, nominated by the president and confirmed by the Senate. According to Reuters, some state officials were surprised that Masterson was not considered for a second term as commissioner, given that he has focused much of his tenure on cybersecurity. Hicks’s term as chairman began on Feb. 24, the day after the announcement. Hicks has served as an EAC commissioner since December 2014. He previously served as chairman from February 2016 to February 2017. “I was working on [Capitol] Hill when the Help America Vote Act was […]

The post New EAC chairman will continue to focus on election security appeared first on Cyberscoop.

Continue reading New EAC chairman will continue to focus on election security→

New SEC guidance: please don’t sell your stocks if you have insider info about a breach

Posted on February 21, 2018 by Zaid Shoorbajee

The Securities and Exchange Commission wants companies to be more transparent about the way they handle data breaches. On Wednesday, the SEC issued an updated guidance regarding expectations that companies must meet in disclosing cybersecurity vulnerabilities and hacking incidents. The guidance is non-binding in nature, but outlines the bare minimum that companies must do, according to the SEC, to avoid legal trouble. The unanimously approved guidance details the ways public companies ought to be transparent with investors and other stakeholders when it comes to cyber risk. The memo tells companies to disclose information about incidents or vulnerabilities in a timely manner. In addition, the guidance addresses the issue of company officers selling shares before publicly disclosing a known cybersecurity incident. This was an issue which clouded the recent publication of two critical microchip flaws affecting Intel, AMD and ARM. “Given the frequency, magnitude and cost of cybersecurity incidents, the Commission […]

The post New SEC guidance: please don’t sell your stocks if you have insider info about a breach appeared first on Cyberscoop.

Continue reading New SEC guidance: please don’t sell your stocks if you have insider info about a breach→

Russian Embassy spokesperson confronts FBI, DHS officials in public event

Posted on February 21, 2018 by Zaid Shoorbajee

A Russian Embassy spokesperson challenged two senior U.S. officials Wednesday during a public event in D.C. about why the Trump administration refuses to collaborate with Russia to fight cybercrime. The exchange happened at an event hosted by the Center for Strategic and International Studies (CSIS) focused on a new report published Wednesday by the think tank and cybersecurity company McAfee. The report speaks to the economic impact of cybercrime. Along with other countries, Russia was specifically named multiple times in both the report and panel discussion as a “state sanctuary” of cybercrime due to the “close relationship between the Russian state and Russian organized crime.” That accusation didn’t sit right with one Russian government employee in the crowd. “Once again without any proof, Russia was called a bad actor in cyberspace,” said Petr Svirin, the Russian Embassy’s first secretary during a question and answer session. “If you are so concerned, why the government […]

The post Russian Embassy spokesperson confronts FBI, DHS officials in public event appeared first on Cyberscoop.

Continue reading Russian Embassy spokesperson confronts FBI, DHS officials in public event→

DOJ looks to improve handling of cyberthreats with new task force

Posted on February 20, 2018 by Zaid Shoorbajee

Attorney General Jeff Sessions announced a new cybersecurity task force on Tuesday that aims to appraise the way the Department of Justice handles cases that involve the internet. The Cyber-Digital Task Force “will canvass the many ways that the Department is combatting the global cyber threat, and will also identify how federal law enforcement can more effectively accomplish its mission in this vital and evolving area,” a news release said. Sessions said he is creating the task force in order to generate ideas on how to best combat global cyberthreats. “The Internet has given us amazing new tools that help us work, communicate, and participate in our economy, but these tools can also be exploited by criminals, terrorists, and enemy governments,” Sessions said. The deputy attorney general will appoint a senior department official to chair the task force. DOJ declined to provide any more information about the task force, such as […]

The post DOJ looks to improve handling of cyberthreats with new task force appeared first on Cyberscoop.

Continue reading DOJ looks to improve handling of cyberthreats with new task force→

Tesla falls victim to cryptomining scheme, minor breach

Posted on February 20, 2018 by Zaid Shoorbajee

Tesla appears to be the latest prominent victim of a malicious cryptomining scheme. Cloud security company RedLock reported on Tuesday that hackers found exposed elements of the electric car company’s cloud environment, giving them access to both sensitive company data and computing power that they used to mine cryptocurrency. According to RedLock, the hackers infiltrated an unprotected Kubernetes console, a tool used to automate the way a user deploys containerized apps. The hackers performed the cryptomining from within the Kubernetes console, employing what the RedLock describes as “sophisticated evasion techniques” that made their activity difficult to detect compared to other cryptomining. Unlike with other cryptomining ploys, RedLock says, the hackers didn’t use well-known mining software, such as Coinhive. Rather, they took other code and tweaked the script to connect to an unlisted endpoint. RedLock says this made it difficult for standard threat intelligence indicators to detect the activity. The hackers also […]

The post Tesla falls victim to cryptomining scheme, minor breach appeared first on Cyberscoop.

Continue reading Tesla falls victim to cryptomining scheme, minor breach→

Intel faces 32 class action suits stemming from Spectre and Meltdown

Posted on February 16, 2018 by Zaid Shoorbajee

Intel is fighting 32 class action lawsuits related to major security vulnerabilities in its chips that were disclosed in January, the company said in an annual filing with to the Securities and Exchange Commission on Friday. The filing says that as of Feb. 15, there are 30 class action lawsuits on behalf of customers and two on behalf of shareholders, all resulting from the nature of the disclosure of Meltdown and Spectre. About six months elapsed from the flaws’ discovery in June until their public disclosure. The company says the lawsuits are filed in U.S. federal and state courts and in some cases courts in other countries. Meltdown and Spectre are deep-rooted flaws in computer central processing units that can allow hackers to steal sensitive information undetected. The flaws are present in CPU chips dating back to the mid-1990s. The customer lawsuits “generally claim to have been harmed by Intel’s actions and/or […]

The post Intel faces 32 class action suits stemming from Spectre and Meltdown appeared first on Cyberscoop.

Continue reading Intel faces 32 class action suits stemming from Spectre and Meltdown→

ODNI holds classified briefings on election security for all 50 states

Posted on February 16, 2018 by Zaid Shoorbajee

State election officials from all 50 states are to receive classified briefings from intelligence officials Friday and Sunday about threats to election security. The Office of the Director of National Intelligence announced on Thursday that it will hold the briefings in conjunction with the Department of Homeland Security and the FBI “as part of an ongoing effort to ensure the integrity and security of the nation’s election infrastructure.” The briefings coincide with annual conferences for the National Association of Secretaries of State and the National Association of State Election Directors being held through the weekend in Washington, D.C. Since the 2016 presidential election, lawmakers have been calling on the intelligence community to expedite the security clearance process for state election officials in order for them to review information about election threats. Several bills have been introduced in Congress in recent months with involvement from both parties that would set requirements around this issue. The […]

The post ODNI holds classified briefings on election security for all 50 states appeared first on Cyberscoop.

Continue reading ODNI holds classified briefings on election security for all 50 states→

House Dems release report, propose bill addressing election cyberthreats

Posted on February 15, 2018 by Zaid Shoorbajee

House Democrats released a report and new legislation on Wednesday urgently calling for more attention and federal funding to the U.S. election process in order to stop foreign hacking and other interference. The bill and accompanying report mark the culmination of an eight-month effort by the Democratic Election Security Task Force to develop a plan to deal with election threats, and latest in a series of congressional legislative efforts to do so. Much of what the bill, the Election Security Act, is calling for has been covered by other legislation proposed in recent months. Those bills haven’t seen seen much progress in the way of being passed. The largest chunk of funding would be a $1 billion Election Assistance Commission grant available to states to replace old, insecure voting machines with machines that scan auditable paper ballots. The grant is limited to purchases from election vendors certified by the EAC and […]

The post House Dems release report, propose bill addressing election cyberthreats appeared first on Cyberscoop.

Continue reading House Dems release report, propose bill addressing election cyberthreats→

FS-ISAC releases API for safer data sharing

Posted on February 14, 2018 by Zaid Shoorbajee

An association of banks and financial technology companies has released a tool that it hopes will help financial institutions securely share data about consumers across the online financial tools that they use. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is releasing an application programming interface (API) in order “to foster universal adoption of a more secure and robust data sharing framework,” according to a statement released on Tuesday. “Over a lifetime, consumer data may be scattered throughout several financial institutions,” the FS-ISAC says, which creates a need for consumers to log into multiple accounts to manage loans, deposits, payments and investments. The new API tokenizes sensitive user information, which the association says facilitates and secures the transfer of data from company to company. “Creating a standard API for secure data sharing benefits everyone in the data aggregation ecosystem,” FS-ISAC Chief Operations Officer Eric Guerrino said in a release. […]

The post FS-ISAC releases API for safer data sharing appeared first on Cyberscoop.

Continue reading FS-ISAC releases API for safer data sharing→