Rob Joyce – Page 2 – WindowsTechs.com

Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig

Posted on January 19, 2021 by Tim Starks

Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, will take the position of senior director for cyber in the Biden White House. Sulmeyer’s selection came with no formal announcement. Instead, the transition website posted his position Monday evening. Sulmeyer is a cybersecurity veteran with broad experience, one of many to join the Biden administration. He’s also one of several whose tenures have included roles in the Trump administration. Beyond serving under Nakasone, he also served in the Obama administration at the Defense Department, where he was director for plans and operations for cyber policy. Between roles in the Trump and Obama administrations, he was director of the Belfer Center’s Cyber Security Project at the Harvard Kennedy School. He also wrote extensively for Lawfare on subjects like election security, federal cybersecurity strategy and DOD-related cybersecurity issues. In the past, the National Security […]

The post Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig appeared first on CyberScoop.

Continue reading Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig→

Rob Joyce named new NSA cybersecurity director

Posted on January 15, 2021 by Shannon Vavra

Rob Joyce, the National Security Agency’s special U.S. liaison officer at the U.S. Embassy in London, will replace Anne Neuberger as director in the agency’s Cybersecurity Directorate, the NSA announced Friday. The Biden transition team announced Wednesday that Neuberger will soon be joining the Biden administration as deputy national security adviser for cyber and emerging technology on the National Security Council (NSC). It was not immediately clear who would take on Joyce’s role as the NSA’s senior cryptologic representative in the U.K. Joyce has a long track record of working in cybersecurity leadership roles in the U.S. government. He previously served as senior advisor for cybersecurity strategy to the NSA director, and before that served as special assistant to the president and cybersecurity coordinator on the NSC at the White House. At the NSC Joyce was responsible for national and international cybersecurity strategy and policy for the government. His expertise in cyber-operations […]

The post Rob Joyce named new NSA cybersecurity director appeared first on CyberScoop.

Continue reading Rob Joyce named new NSA cybersecurity director→

After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

Posted on September 15, 2020 by Sean Lyngaas

Nothing brings urgency to a software vulnerability like an exploit demonstrating its potency. That’s what happened Monday when researchers at Dutch cybersecurity company Secura released a “proof of concept” exploit for a vulnerability in the Netlogon protocol that Microsoft employs to authenticate users and updated passwords within a domain. The vulnerability could allow “an attacker with a foothold on your internal network to essentially become [domain administrator] with one click,” as Secura analysts put it. That means an attacker could “impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.” Within hours of Secura publishing its analysis, U.S. government officials were telling corporations and agencies to pay attention and apply the patch that Microsoft issued last month. The episode highlights how, with thousands of software vulnerabilities released each year, some matter much more than others and prompt influential voices in the industry to sound […]

The post After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later appeared first on CyberScoop.

Continue reading After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later→

Lawmakers call for cyber leadership as they introduce bill that would create White House post

Posted on June 25, 2020 by Sean Lyngaas

After then-national security adviser John Bolton eliminated the position of White House cybersecurity coordinator in the spring of 2018, Democratic lawmakers quickly introduced a bill to restore the position, arguing that it was crucial for the White House to show leadership on the issue. The bill never went anywhere. But two years later, the push for creating a top White House cybersecurity post is gaining fresh traction, with support from Republicans. A bipartisan group of House members on Thursday introduced new legislation that would create a “national cyber director” at the White House. The director would serve a similar role to the coordinator, but have more authority to examine cybersecurity budgets and oversee national incident response. Instituting a national cyber director was a key recommendation put forth by the congressionally mandated Cyberspace Solarium Commission, which released a report in March arguing for big changes to U.S. cybersecurity policy. Two leading members […]

The post Lawmakers call for cyber leadership as they introduce bill that would create White House post appeared first on CyberScoop.

Continue reading Lawmakers call for cyber leadership as they introduce bill that would create White House post→

Experts urge organizations to address festering critical Citrix flaw

Posted on January 10, 2020 by Sean Lyngaas

It’s been more than two weeks since researchers went public with a critical vulnerability in products made by corporate VPN service provider Citrix that could give a hacker free rein over the many enterprise networks that use the software. Now, with no sign of a complete patch for the vulnerability, cybersecurity experts are exhorting organizations to address the issue. “It’s extremely important to apply the mitigation steps and recognize that there is no patch for this,” said Dave Kennedy, founder of cybersecurity company TrustedSec, adding that he has already seen attackers scanning for vulnerable systems. “We have a working exploit, and it took us under a day to develop it,” Kennedy told CyberScoop. “Attackers have the same capabilities.” The flaw, discovered by cybersecurity company Positive Technologies, is in a Citrix cloud-based application delivery tool, as well as a product that allows remote access to the company’s applications. Based on the […]

The post Experts urge organizations to address festering critical Citrix flaw appeared first on CyberScoop.

Continue reading Experts urge organizations to address festering critical Citrix flaw→

NSA points to two-year patching window in remarks about Baltimore incident

Posted on May 30, 2019 by Shannon Vavra

In the wake of the Baltimore ransomware attack, a senior adviser at the National Security Agency said Thursday there is no “indefensible” nation-state-built tool that is responsible for the spread of ransomware and network administrators have a responsibility to patch their systems, especially when patches have been released for critical flaws. The comments come after The New York Times reported this past week that RobbinHood, the ransomware strain behind the Baltimore ransomware attack, was able to spread on the city IT infrastructure partly due to its use of a leaked NSA tool known as EternalBlue. The Times report, which cites security experts briefed on the matter, states EternalBlue was discovered as incident response teams fixed the issues that had crippled a number of the city’s online services. “The characterization that there is an indefensible nation-state tool propagating ransomware is simply untrue,” Rob Joyce, a senior adviser at the NSA, said Thursday […]

The post NSA points to two-year patching window in remarks about Baltimore incident appeared first on CyberScoop.

Continue reading NSA points to two-year patching window in remarks about Baltimore incident→

No ‘smoking gun’ evidence coming on Huawei, NSA official says

Posted on March 7, 2019 by Sean Lyngaas

Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.” U.S. officials have long accused Chinese tech companies Huawei and ZTE of being potential vessels for spying. One reason is that under Chinese law, companies are required to cooperate with national intelligence activities. Huawei and ZTE strenuously […]

The post No ‘smoking gun’ evidence coming on Huawei, NSA official says appeared first on CyberScoop.

Continue reading No ‘smoking gun’ evidence coming on Huawei, NSA official says→

Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’

Posted on March 6, 2019 by Lorenzo Franceschi-Bicchierai

The NSA release a free and open source reverse engineering app called ‘Ghidra.” Continue reading Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’→

NSA puts ‘Ghidra,’ its reverse-engineering tool for malware, in the hands of the public

Posted on March 6, 2019 by Sean Lyngaas

After years lurking in the shadows, the National Security Agency’s tool for reverse-engineering malware is now out in the open. The software framework has moved from classified status into use by military analysts and contractors in sensitive-but-unclassified settings, and now it’s available to anyone with an internet connection. In a bid to help private and public-sector analysts track how malicious code evolves and morphs, the agency announced the release of the tool at the RSA Conference in San Francisco on Tuesday. “As we open-source it, I think the creative folks on the outside are going to build modules and capabilities and they’re going to be able to collaborate with us on improving it even further,” Rob Joyce, senior cybersecurity adviser at NSA, said at an interview. The gist of the software framework, called Ghidra, is that it allows analysts to compare different versions of malicious code to understand what each is doing differently, including […]

The post NSA puts ‘Ghidra,’ its reverse-engineering tool for malware, in the hands of the public appeared first on CyberScoop.

Continue reading NSA puts ‘Ghidra,’ its reverse-engineering tool for malware, in the hands of the public→

NSA’s Joyce outlines how U.S. can disrupt and deter foreign hacking

Posted on February 28, 2019 by Sean Lyngaas

The United States will do more to disrupt the malicious cyber-activity that foreign adversaries are aggressively using to advance their interests, a National Security Agency official said Thursday. “We have to impose costs in a visible way to start deterrence,” said Rob Joyce, senior cybersecurity adviser at NSA. “We have to go out and try to make those operations less successful and harder to do.” Speaking to an industry association in Hanover, Maryland, Joyce cited the 2017 WannaCry and NotPetya malware outbreaks — and Russia’s use of information operations in the 2016 U.S. election — as examples of nation-states moving from “exploitation to disruption” to impose their will in cyberspace. Washington has blamed North Korea and Russia, respectively, for the devastating WannaCry and NotPetya attacks, which cost billions of dollars in economic damage. Some foreign governments have less legal constraints on their activities in cyberspace than the U.S., Joyce told a local […]

The post NSA’s Joyce outlines how U.S. can disrupt and deter foreign hacking appeared first on CyberScoop.

Continue reading NSA’s Joyce outlines how U.S. can disrupt and deter foreign hacking→