NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy

Just five months ago at the RSA conference, the NSA released Ghidra, a piece of open source software for reverse-engineering malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates — including some based on requests from the public. In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday. Before the Android support arrives, a version 9.1 will include new features intended to save time for users and boost accuracy in reverse-engineering malware — enhancements that will come from features such as processor modules, new support for system calls and the ability to conduct additional editing, known as sleigh editing, in the Eclipse […]

The post NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy appeared first on CyberScoop.

Tenable CEO blasts ‘smoke and mirrors’ of cybersecurity industry

A good chunk of the cybersecurity industry is “smoke and mirrors,” with companies hawking shiny products that aren’t needed to block most hacks, Tenable CEO Amit Yoran said in an interview with CyberScoop earlier this month. “It’s an industry that has fed and continues to feed, to a large extent, off of fearmongering,” Yoran said on the sidelines of the vendor-happy RSA Conference in San Francisco. The RSA Conference is a feeding frenzy for companies pushing products on the trade-show floor. Vendors spend big on things like booths, parties, and hotel suites to woo potential clients. (Tenable had a booth demonstrating some of its technology.) In a blunt interview, Yoran reflected on where the “hype-driven” side of the business, as he called it, had gotten the cybersecurity industry. “The millions of dollars that people are spending, all the hype and the sexy marketing and the AI and the anomaly-behavioral…whatever buzzword […]

Can Google’s security push overcome the public’s eroded trust?

Google in the coming months will embark on a marketing campaign to raise awareness about a service the company says will better protect people accessing new websites. They just need users to trust them first, a tall order when roughly half of Americans polled by the Pew Research Center said they were “not at all” or “not too confident” tech firms would protect their data. Tech executives now are beginning to publicly reflect on the ramifications – specifically an erosion of trust – that occur after big-time data breaches, or scandals such as Facebook’s sharing data about 87 million users with Cambridge Analytica. It’s still early, and conversations are awkward, but the topic was a big theme at the Davos World Economic Forum in January as corporate bigwigs consider what it might mean if users stop trusting them with their information, said Justin Harvey, global incident response leader at Accenture Security. “There’s no litmus test for trust. […]

To prepare for 2020, DNC security chief tries to make hackers’ lives harder

The Democratic National Committee is striving to “make it more expensive for attackers to do their work” as it prepares for a 2020 election, Bob Lord, the committee’s chief security officer, told CyberScoop. It is a simple but proven principle of cybersecurity: Make it harder for hackers to succeed by implementing time-tested basics like two-factor authentication. The question for the DNC is: How do you aggressively broaden adoption of such practices for campaigns and state parties scattered across the country, many of which have very limited budgets? That far-flung apparatus is not the chain of command that Lord was used to when he was a cybersecurity executive at companies like Yahoo and Rapid7. “Because we’re a decentralized ecosystem, it presents a number of interesting challenges,” he said in an interview. “I don’t have the ability to order people to do things. Nor can I practically manage all of their systems. But what I can do […]

No ‘smoking gun’ evidence coming on Huawei, NSA official says

Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.” U.S. officials have long accused Chinese tech companies Huawei and ZTE of being potential vessels for spying. One reason is that under Chinese law, companies are required to cooperate with national intelligence activities. Huawei and ZTE strenuously […]

A bot doesn’t need to talk like a bot for Twitter to notice

Twitter is tracking accounts’ behavior — and not necessarily the content they disseminate — to determine whether a user is misrepresenting their identity, a possible indication the account is used to amplify information operations. The approach is an attempt to solve a problem that keeps changing as nation-states look for any edge in cyberspace. While hackers continue to breach international networks to steal trade secrets and conduct espionage, they also use trusted social media outlets to exploit users in a way that is re-defining cyberwar, according to a panel of experts at the RSA cybersecurity conference. “This practice … may be having a greater outcome than what we think of as traditional cybersecurity,” said political scientist Peter W. Singer. “Is [cybersecurity] about critical infrastructure, or the poisoning of democracies?” Twitter examines accounts by assessing whether they are part of a larger network of users pushing the same types of information, […]

NSA puts ‘Ghidra,’ its reverse-engineering tool for malware, in the hands of the public

After years lurking in the shadows, the National Security Agency’s tool for reverse-engineering malware is now out in the open. The software framework has moved from classified status into use by military analysts and contractors in sensitive-but-unclassified settings, and now it’s available to anyone with an internet connection. In a bid to help private and public-sector analysts track how malicious code evolves and morphs, the agency announced the release of the tool at the RSA Conference in San Francisco on Tuesday. “As we open-source it, I think the creative folks on the outside are going to build modules and capabilities and they’re going to be able to collaborate with us on improving it even further,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. The gist of the software framework, called Ghidra, is that it allows analysts to compare different versions of malicious code to understand what each is doing differently, including […]

By hacking one of their own homes, researchers want to open a window on IoT security

A year ago, cybersecurity researchers at Trend Micro who were tinkering with home-automation systems in their spare time decided to make a formal project out of it. One of the researchers invited the others to hack his smart home in Germany and see what they could find out about the underlying protocols used in it. They quickly discovered that not only was the system susceptible to manipulation, but it was also ill-equipped to detect it. The owner of the home found himself moving from room to room, trying to figure out why his lights and window blinds weren’t working. Stephen Hilt, a senior threat researcher at Trend Micro, had inadvertently carried out a denial-of-service attack on devices running on a popular building-automation protocol in the house. The researchers knew where the attack was coming from — Hilt was using a software-defined radio to jam the devices, flooding them with noise — but they didn’t realize how effective it would be. “That was […]

Alphabet’s Chronicle banks on big data with new threat analysis platform

Chronicle, the cybersecurity firm stood up last year by Google parent company Alphabet, entered the threat analysis business Monday when it announced a cloud-based platform that compares reams of network data with malicious cyber activity. In doing so, Chronicle is betting that Google’s access to immense amounts of stored data will help security professionals make better sense of information in what is already a crowded threat-intelligence market. The tool, called Backstory, allows companies to upload their internal security data and then analyze it, offering a repository stretching back years. It constantly compares that historical corporate ledger with new threat data to inform companies of any “historical access” to malicious domains or files, according to Chronicle. Hackers can linger on organizations’ networks for months, if not longer, and Backstory aims to use Google’s search capabilities to find breaches that slipped through the cracks. “Backstory was designed for a world where companies generate massive amounts […]

Why CISOs must get better at connecting to the rest of the company

Corporate security experts need to emerge from behind their physical cubicles and their digital firewalls to ensure that new technologies don’t create new vulnerabilities that could threaten their jobs, according to two executive-focused panels Monday at the RSA cybersecurity conference in San Francisco. Firms often fail to implement security measures amid their transition to the cloud, or when they implement the accelerated software production strategy known as DevOps, because security leaders fail to communicate with other departments, panelists said. “Because [new tools] are enabling business in a more rapid fashion, CISOs need to figure out how to turn security from ‘the business of no’ into something that enables functions,” said Kurt Hagerman, an executive adviser at the consultancy firm Coalfire. “You have to tie the value of your security program to the business. And that’s a skill a lot of CISOs today lack.” Too few companies have leaders who work together […]
