NCSC – Page 10 – WindowsTechs.com

Fighting Chinese cyber-espionage could cost U.S. 5G dominance

Posted on July 30, 2018 by Ryan Duffy

As the U.S. government works to neutralize its Chinese counterparts’ efforts to conduct surveillance via commercial telecom products, it may unintentionally jeopardize the United States’ bid to beat China to a nationwide 5G network. This summer, U.S. officials, policymakers and allies have cracked down on Huawei and ZTE, two large Chinese smartphone and telecommunications equipment manufacturers. The pair are believed to have a cozy relationship with the Chinese Communist Party and People’s Liberation Army. Washington fears that relationship could lead Beijing to tap into equipment owned by those companies to siphon sensitive information and possibly lay the groundwork for cyberattacks. But many industry, trade and technological experts are worried the measures may come at a steep price. The quest to upend China’s surveillance capabilities may be hurting America’s competitiveness in the race to develop and roll out 5G wireless technology. The dilemma presents the latest — and perhaps fiercest — technological showdown between Washington […]

The post Fighting Chinese cyber-espionage could cost U.S. 5G dominance appeared first on Cyberscoop.

Continue reading Fighting Chinese cyber-espionage could cost U.S. 5G dominance→

Economic cyber-espionage is here to stay, U.S. counterintelligence report says

Posted on July 26, 2018 by Sean Lyngaas

A new report from a U.S. counterintelligence agency details persistent efforts by China, Iran, and Russia to steal U.S. trade secrets, warns that those campaigns are here to stay and raises concerns about the software supply chain as a vector for economic espionage. China, Iran, and Russia are “three of the most capable and active cyber actors tied to economic espionage,” and they will “remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace,” the report from the National Counterintelligence and Security Center (NCSC) states. Last year was a “watershed” year in public reporting of big software supply-chain operations, with seven incidents reported compared to just four between 2014 and 2016, according to the NCSC, which is part of the Office of the Director of National Intelligence (ODNI). The counterintelligence agency cites the seminal NotPetya attack, which U.S. officials blamed on Moscow, and the CCleaner backdoor, which […]

The post Economic cyber-espionage is here to stay, U.S. counterintelligence report says appeared first on Cyberscoop.

Continue reading Economic cyber-espionage is here to stay, U.S. counterintelligence report says→

Cyber Security Roundup for April 2018

Posted on May 2, 2018 by Dave Whitelegg

The fallout from the Facebook privacy scandal rumbled on throughout April and culminated with the closure of the company at the centre of the scandal, Cambridge Analytica.

Overview of Facebook and Cambridge Analytica
Facebook’s Zuckerberg faces formal… Continue reading Cyber Security Roundup for April 2018→

One year later, the UK’s Active Cyber Defence is seeing good results

Posted on February 6, 2018 by Graham Cluley

The National Cyber Security Centre (NCSC), which tasks itself with “helping to make the UK the safest place to live and do business online”, has published an impressive report into the progress it has made with what it calls its “Active Cyber Defence” … Continue reading One year later, the UK’s Active Cyber Defence is seeing good results→

Cyber Security Roundup for December 2018

Posted on January 2, 2018 by Dave Whitelegg

UK supermarket giant Morrisons, lost a landmark data breach court case in December after a disgruntled Morrisons employee had stolen and posted the personal records of 100,000 co-workers online, the supermarket chain was held liable for the d… Continue reading Cyber Security Roundup for December 2018→

U.K. cyber agency tells government to handle Russian anti-virus software with caution

Posted on December 4, 2017 by Zaid Shoorbajee

The United Kingdom’s national cyberthreat monitoring agency is advising some of the country’s agencies to quit using Russian anti-virus software. The warning is a change in tone from the National Cyber Security Centre’s longstanding position that the agency does not mandate or ban any products. NCSC head Ciaran Martin sent a public letter on Friday to the U.K.’s permanent secretaries about the “supply chain risk in cloud-based products.” Moscow-based cybersecurity company Kaspersky Lab has been under particular scrutiny in the United States for supposedly enabling Russians to steal information from intelligence authorities through software backdoors. The U.S. Department of Homeland Security ordered in September that all federal agencies purge Kaspersky software from their networks. “The specific country we are highlighting in this package of guidance is Russia,” Ciaran writes. “The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft. This includes espionage, disruption and influence operations. Russia has the intent to […]

The post U.K. cyber agency tells government to handle Russian anti-virus software with caution appeared first on Cyberscoop.

Continue reading U.K. cyber agency tells government to handle Russian anti-virus software with caution→

Cyber Security Roundup for October 2017

Posted on November 1, 2017 by Dave Whitelegg

State-orchestrated cyber attacks have dominated the media headlines in October, with rogue state North Korea and its alleged 6,800 strong cyber force blamed for several cyber attacks. International intelligence scholars believe the North Korean leadership are using cyber warfare to up the political ante with their ongoing dispute with the United States. The North Koreans, as well as terrible security practices, were directly blamed by the UK National Audit Office for the recent NHS WannaCry attack (despite North Korea denying it). North Korea was also reported to be implicated in the stealing US War Plans from South Korea, and for a spear phishing campaign against the US Power Grid. The possible Russian manipulation of the US election with cyber attacks and rogue social media campaigns is still a story not going away, while the Chinese are alleged to be behind the data theft of Australian F-35 fighter jet, in what is described as an ‘extensive’ Cyberattack. The finger was pointed at Iran for the recent Parliamentary Emails cyber attacks in the UK, meanwhile, EU governments venting their cyber concern, warning that Cyber Attacks can be an Act of War.

Stephen Hawking caused controversy in both the science and tech industry last year when he said Artificial Intelligence could be a serious threat to human existence, could the plot of The Terminator really come to fruition? Perhaps so, as it was reported that AI had already defeated the Captcha Security Check system. Personally, I believe both AI and Quantum Computing will pose significant new threats to cybersecurity space in the next decade.

A far higher number of personal records were compromised in the Equifax data breach than was previously thought, with millions of UK citizens confirmed to be impacted by the US-based credit checking agency hack. Equifax’s now ex-CEO provided an interesting blow-by-blow account of the cyber-attack at a US government hearing, even though Equifax technical staff were specifically warned about a critical Apache Struts (web server) patch, it was ignored and not applied, which in turn allowed hackers to take full advantage of vulnerability to steal the Equifax data on mass. To make matters even worse, the Equifax consumer breach help website was found to be infecting visitors with spyware.

Yahoo revealed all 3 Billion of its user accounts had in fact been breached, in what is truly an astonishing mammoth sized hack, biggest in all history, so far. Elsewhere on the commercial hacking front, Pizza Hut’s website was reported to be hacked with customer financial information taken, and Disqus said a 2012 breach it discovered in October exposed the information of 17.5 million its users from as far back as 2007.

It was a super busy month for security vulnerability notifications and patch releases, with Microsoft, Netgear, Oracle, Google, and Apple all releasing rafts of critical level patches. A serious weakness in the wireless networking WPA2 protocol was made public to great fanfare after researchers suggested all Wifi devices using WPA2 on the planet were vulnerable to an attack called Krack, which exploited the WPA2 weakness. Krack is a man-in-the-middle attack which allows an attacker to eavesdrop or redirect users to fake websites over Wifi networks secured using the WPA2 protocol. At the time of writing most wireless access point vendors and operating system providers had released patches to close the WPA2 vulnerability, and there have been no known exploits of the vulnerability reported in the wild.

BadRabbit is a new strain of ransomware which is emerging and is reported to be infecting systems and networks in Russia and the Ukraine at the moment. BadRabbit is the latest network self-propagating malware, like NotPeyta and WannaCry, to use the NSA EternalRomance hacking tool. A massive new IoT botnet was discovered, its continued growth is fuelled by malware said to be more sophisticated than previous IoT botnet king, Mirai. Russian based threat actor group APT28 is said to be targeting the exploitation of a recently patched Adobe vulnerability (CVE-2017-11292), in using a malicious Microsoft Word attachment, so ensure you keep on top of your system patching and always be careful when opening email attachments.

Finally, the UK National Cyber Security Centre (NCSC) released its first annual report, as it seeks to improve cybersecurity across the UK. Among NCSC achievements cited in the report are:

The launch of Active Cyber Defence, credited with reducing average time a phishing site is online from 27 hours to 1 hour
Led UK response to WannaCry
Advice website with up to 100,000 visitors per month
Three-day Cyber UK Conference in Liverpool
43% increase in visits to the Cyber Security Information Sharing Partnership (CiSP)
Produced 200,000 physical items for 190 customer departments via UK Key Production authority to secure and protect communications of Armed Forces and national security
1,000 youngsters on CyberFirst courses and 8,000 young women on CyberFirst Girls competition.
Worked with 50 countries, including signing Nato’s MoU

NEWS

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

REPORTS

The post Cyber Security Roundup for October 2017 appeared first on Security Boulevard.

Continue reading Cyber Security Roundup for October 2017→

Experts warn Congress of the return of Chinese IP theft

Posted on June 14, 2017 by Chris Bing

Hackers working for the Chinese government again appear to be conducting economic espionage against private U.S. companies and other American organizations, experts told lawmakers Tuesday during an open Senate Committee on Foreign Relations hearing. Cybersecurity experts have stated that Chinese cyber espionage operations — hacking activities aimed at stealing trade secrets, intellectual property or other confidential business information — has substantially declined in the wake of an agreement struck between former President Barack Obama and Chinese President Xi Jinping in September 2015. But at least “anecdotally,” there has been a re-emergence of related economic espionage by Chinese hackers aimed at U.S. entities, according to Samantha Ravich, a current senior adviser to D.C.-based think tank the Foundation for Defense of Democracies. Over the last year, the FDD has established a team to study what it defines as “economic warfare.” “It seems there was a dip at first but the anecdotes that are […]

The post Experts warn Congress of the return of Chinese IP theft appeared first on Cyberscoop.

Continue reading Experts warn Congress of the return of Chinese IP theft→

Intelligence community seeks answers in aftermath of Harold Martin case

Posted on February 28, 2017 by Chris Bing

The arrest and then recent indictment of Harold T. Martin III, a 20-year veteran of the intelligence community who is accused of carrying out the biggest theft of classified information in U.S. history, is causing leaders on Capitol Hill and in the Office of the Director of National Intelligence to re-examine exactly how the government defends […]

The post Intelligence community seeks answers in aftermath of Harold Martin case appeared first on Cyberscoop.

Continue reading Intelligence community seeks answers in aftermath of Harold Martin case→

Top U.S. intelligence official: Media is wrong about low morale

Posted on February 24, 2017 by Chris Bing

The issue of sinking morale within the U.S. intelligence community is a myth fabricated by the media, said a top U.S. intelligence official who spoke Thursday at the National Press Club. “I am in the intelligence community, I have spent time in the FBI, in NCSC now and CIA, and I don’t see a dip […]

The post Top U.S. intelligence official: Media is wrong about low morale appeared first on Cyberscoop.

Continue reading Top U.S. intelligence official: Media is wrong about low morale→