National cyber director endorses plan for a bureau to collect, analyze threat data

National Cyber Director Chris Inglis called for the creation of a bureau of cyber statistics while outlining his priorities for the office in a speech Tuesday. The idea, initially proposed by Congress’s bipartisan Cyberspace Solarium Commission, would require the Department of Homeland Security to collect, process, and analyze statistics relevant to cyber threats and cybercrimes. It would require organizations that provide incident response services or cyber insurance to report information every 180 days. Inglis was a member of the same commission prior to his current role. “I would observe that to properly address risk we have to first understand it. We have to understand where it’s concentrated, where it cascades, what causes it, and more importantly to then discover how to address it,” Inglis said at an Atlantic Council event. “I think all would agree that in the absence of this information, we are going to be episodic, we’re going […]

The post National cyber director endorses plan for a bureau to collect, analyze threat data appeared first on CyberScoop.

Continue reading National cyber director endorses plan for a bureau to collect, analyze threat data

Trump Fires Security Chief Christopher Krebs

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud. Continue reading Trump Fires Security Chief Christopher Krebs

Election security pros focus on effective partnerships

Trust the process. That’s the message from a group of election security experts who, during a virtual panel discussion at CyberTalks, said they are working to safeguard the 2020 election from an array of cybersecurity threats. Benjamin Hovland, a commissioner on the U.S. Election Assistance Commission, Jack Cable, an election security technical adviser at the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and Matt Masterson, a senior cybersecurity adviser at CISA, explained that the goal isn’t only to protect the Nov. 3 election, but also to ensure that the American people can trust the results. The CyberTalks panel was led by John DeSimone, vice president of cybersecurity, training and services at Raytheon Intelligence and Space. In a series of questions, DeSimone, probed the election security experts on the ways that U.S. government entities and the defense industrial base are working together “from a mission assurance perspective” to protect […]

The post Election security pros focus on effective partnerships appeared first on CyberScoop.

Continue reading Election security pros focus on effective partnerships

US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage

U.S. cyber officials are urging American companies and individuals who rely on a popular security product to update their systems immediately, before foreign hackers can exploit a flaw in the technology to steal protected information. The Department of Homeland Security and U.S. Cyber Command said Monday that a “critical” flaw in technology from Palo Alto Networks, a multinational security firm based in California, could enable attackers “with network access” to obtain sensitive information. The flaw exists in PAN-OS, the operating system on firewalls and corporate virtual private network application products. Cyber Command said in a tweet that advanced hacking groups “will likely attempt exploit soon.” Palo Alto Networks issued a patch on Monday for the security flaw, the start of a weeks or months-long process in which corporate security teams will start updating their technologies to fend off hacking groups. The software flaw, officially dubbed CVE-2020-2021, was designated a 10.0 […]

The post US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage appeared first on CyberScoop.

Continue reading US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage

North Korea issues blanket denial to US hacking accusations

The North Korean government issued a statement denying U.S. allegations that hackers used cyberattacks to raise money on Pyongyang’s behalf. U.S. and international cybersecurity officials, along with private sector specialists, have accused North Korean hackers of infiltrating global financial networks, stealing from ATMs, and demanding ransoms in bitcoin as part of a wider effort to help the government evade sanctions. The FBI, along with the departments of Homeland Security, Treasury and State, issued an advisory in May warning that North Korean hackers had used an array of malicious software tools to continue their operations. “We know well that the ulterior intention of the United States is to tarnish the image of our state and create a moment for provoking us by employing a new leverage called ‘cyber threat’ together with the issues of nuke, missiles, ‘human rights,’ ‘sponsoring of terrorism’ and ‘money laundering,’” North Korea’s Ministry of Foreign Affairs said […]

The post North Korea issues blanket denial to US hacking accusations appeared first on CyberScoop.

Continue reading North Korea issues blanket denial to US hacking accusations

U.S. Govt. Makes it Harder to Get .Gov Domains

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain.

In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov. Continue reading U.S. Govt. Makes it Harder to Get .Gov Domains

Dangerous Domain Corp.com Goes Up for Sale

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe. Continue reading Dangerous Domain Corp.com Goes Up for Sale

It’s Way Too Easy to Get a .gov Domain Name

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Continue reading It’s Way Too Easy to Get a .gov Domain Name