SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach. SolarWinds CEO Sudhakar Ramakrishna said in an appearance at the 2021 RSA Conference that while the federal contractor had once estimated the hackers’ first suspicious activity at around September or October of 2019, the company has “recently” learned that the attackers may have in fact “been in our environment” much earlier. “As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said. Ramakrishna’s revelation provides a deeper understanding yet of the stealthy nature of what U.S. government officials and cybersecurity firms have labeled an incredibly sophisticated attack, even by the standards of the alleged Russian government-connected hackers behind the effort. By leveraging seemingly trustworthy updates of SolarWinds […]

The post SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern appeared first on CyberScoop.

National security officials outline hopes for national data breach notification law

Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow it, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those which jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […]

The post National security officials outline hopes for national data breach notification law appeared first on CyberScoop.

Stalkers using surveillance software on partners are exposing their own data, research finds

Stalkerware applications, which domestic abusers rely on to monitor their romantic partners’ devices without their consent, often fail to secure the personal information collected during their use, according to ESET research published Monday. Stalkerware, which is frequently advertised as benign parental controls or employee monitoring software, can surveil targets’ geolocation, texts, phone calls, cameras and more, all without obtaining targets’ consent. ESET examined 86 stalkerware applications, only to identify 158 serious security and privacy issues, according to findings presented at the virtual RSA Conference this week. The most common security issue affecting the applications was the insecure transmission of stalkers’ and targets’ personally identifiable information from devices to app servers. This vulnerability could allow outsiders to intercept text messages, call logs, contact lists, keystrokes, browsing histories, recorded phone calls, pictures and screenshots, according to ESET. Other issues included applications storing sensitive information on external media, and exposing data like Facebook […]

The post Stalkers using surveillance software on partners are exposing their own data, research finds appeared first on CyberScoop.
