Millie
your market intelligence analyst
Search Results
Edit Save
1,750 results
Cyberscoop 01/17/2020 17:02
As the 2020 election campaigning kicks into high gear, a senior Department of Justice official says he worries that Americans are still vulnerable to foreign hack-and-leak operations that are intended to disrupt democratic processes. “One of the things that I am concerned about is the hacking-and-dumping activity that occurred in 2016,” John Demers, the assistant attorney general for national security, said Friday. He was referring to Russian military officers’ hacking of email servers used by the Democratic political organizations, and the selective leaking of those emails to the public. Despite a lot of progress on election security since Russian interference in 2016, the personal email accounts used by political campaigns are still a wea.
Cyberscoop 01/17/2020 12:12
Over the course of a week, the security implications have grown more dire for a critical vulnerability in two popular products made by Citrix, a corporate virtual private network service provider used at many Fortune 500 companies. The flaw exists in a Citrix cloud-based application delivery tool, as well as in a product that allows remote access to the company’s applications. Experts say that successful exploitation of the bug could allow a hacker to burrow into the many enterprise networks that use the software. The result could be the exposure or theft of corporate information from Citrix clients who otherwise trust technology provided by the $2.5 billion company. First, experts said that attackers would soon begin exploiting the flaw. C.
Cyberscoop 01/17/2020 09:09
U.S. authorities have shuttered a website claiming users could scour more than 12 billion records compiled from some 10,000 data breaches to purchase usernames, passwords and other personal data meant to facilitate identity theft. The U.S. Department of Justice on Thursday announced its seized weleakinfo.com, which has existed since 2017. The site sold different subscription levels, making it possible for scammers to access and search through the database. Two 22-year-old men, one in the Netherlands and the other in Northern Ireland, were arrested in connection with running the site, according to the Dutch news outlet Nu.nl. Law enforcement from the U.K. and Germany also assisted in the shutdown. The site also promised to alert members if t.
Cyberscoop 01/16/2020 14:45
Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity. The computer worm drove home the idea that well-resourced hackers could sabotage industrial plant operations, and it marked a new era of state-sponsored cyber-operations against critical infrastructure. Years later, industrial cybersecurity experts are still learning from the destructive potential of Stuxnet’s code and how it was deployed. While Stuxnet was an extraordinary situation — an intensive operation designed to hinder Iran’s nuclear program — it holds lessons for the wider world in securing industrial equipment that move.
Cyberscoop 01/15/2020 17:59
The federal agency charged with supporting small U.S. businesses should take “immediate action” to ensure that such firms are adequately protected from the cyberthreats emanating from Iran, a bipartisan pair of senators said Wednesday. “We are concerned that small businesses may not have the information and tools necessary” to implement cybersecurity practices recommended by the Department of Homeland Security in the wake of the U.S. killing of Iran’s top general, Sens. Marco Rubio, R-Fla., and Ben Cardin, D-Md., wrote in a letter to the Small Business Administration. The advisory from DHS’s Cybersecurity and Infrastructure Security Agency warned of Iran’s history of “disruptive and destructive cyber operations against strategic targets” an.
Cyberscoop 01/15/2020 12:45
The Chief Information Security Officer for Democratic presidential candidate Pete Buttigieg’s campaign, Mick Baccio, has resigned, CyberScoop has learned. Baccio, who has been with the Buttigieg campaign since last August, told CyberScoop he left because he no longer agreed with the way senior leadership in the campaign was envisioning campaign cybersecurity. “[I left due to] fundamental philosophical differences with the campaign management regarding the architecture and scope of the information security program,” Mick Baccio told CyberScoop. Baccio declined to share details about what exactly led to his resignation. The campaign did not return a request for comment. Baccio’s departure may come as a blow to the campaign’s cybersecurity ope.
Cyberscoop 01/15/2020 12:14
Google users can now use an iPhone or Android device as a security key to sign into their accounts, utilizing a technique that improves their defense against phishing attacks, the company announced Wednesday. In a blog post, a product manager for Google’s Advanced Protection Program wrote that people who exclusively use security keys when logging in to their accounts “never fell victim to targeted phishing attacks.” Yet security keys, which are more secure than text-based authentication, typically are available in the form of a standalone physical device, an inconvenience that may discourage adoption. Google’s update Wednesday is a significant step toward solving that problem. Instead of plugging a key into a USB slot, users just need to ha.
Cyberscoop 01/15/2020 11:57
The professionals who work to uncover security vulnerabilities in hardware must find a "common language" for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers "do not have the same standard taxonomy that would enable them to share information and techniques with one another," Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website.
Cyberscoop 01/14/2020 15:06
Equifax has agreed to pay $380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging to some 147 million Americans, under the terms of a settlement approved by a federal judge. A court in the Northern District of Georgia on Monday approved an agreement covering the roughly 147 million people whose information was compromised when hackers spent May 2017 through July 2017 lurking in Equifax’s system. Equifax had failed to fix a known vulnerability, resulting in the theft of information about many Americans who never signed up with the credit monitoring service. A House Oversight committee in October 2018 said the incident was “entirely preventable.” Under the terms of the settlement, Equ.
Cyberscoop 01/14/2020 14:36
The National Security Agency recently uncovered a severe vulnerability in Microsoft’s Windows operating system, helping the company issue patches and publicly raise awareness instead of using the flaw for its intelligence operations. The vulnerability, for which Microsoft issued a patch, makes Windows 10 and Windows Server 2016/2019 “fundamentally vulnerable,” according to a NSA advisory. Listed as CVE-2020-0601, the vulnerability occurs because Microsoft Windows CryptoAPI fails to properly validate certificates that use elliptic curve cryptography, which may allow an attacker to spoof the validity of certificate chains. “The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and ca.
Cyberscoop 01/14/2020 13:47
In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “Our adversaries look to the political climate … it wouldn’t surprise me at all th.
Cyberscoop 01/14/2020 09:23
Amnesty International is urging an Israeli court to restrict the business of NSO Group, a spyware vendor accused of helping repressive governments spy on dissidents and journalists. The U.K.-based human rights group on Tuesday published a statement encouraging Tel Aviv’s District Court to revoke NSO Group’s export license, a move that would effectively prohibit the company from providing foreign clients with its technology. NSO Group sells Pegasus, hacking software which allows clients to monitor targets’ emails, text messages, collect passwords and gather other valuable personal information. Government critics and journalists in Mexico, Saudi Arabia and the United Arab Emirates have been targeted with Pegasus, Amnesty said. “The best way t.
Cyberscoop 01/14/2020 08:00
An Arizona-based startup used by the likes of Microsoft and Aetna on Tuesday announced it has raised $20 million, bringing its total funding to $35 million. Trusona, founded in 2015, describes itself as an enterprise authentication company that helps customers abandon passwords in favor of QR codes. By using their phone to scan a QR code on their desktop, the idea goes, users can log-in to their accounts without a username and password, just as long as that service also is using Trusona. Along with physical security keys, password management tools and biometrics, it’s the latest emerging technology that is challenging traditional sign-on techniques. “It’s not just a fad,” said Trusona chief executive Ori Eisen, a former financial industry e.
Cyberscoop 01/13/2020 16:56
Boing Boing, a popular blog and news aggregator with deep roots on the internet, said Monday that an unknown attacker had used a hacked account of one of its team members to spread malicious code. The hacker was able to get around two-factor authentication — an extra security measure — to log into the Boing Boing content management system (CMS) software. From there, the attacker installed a widget that redirected Boing Boing visitors to a malicious web page, the publication said in a statement under the tagline, “We Wuz Hacked.” Founded three decades ago as a zine, Boing Boing is an irreverent and eccentric news site that embraced blogging long before it became popular. Its contributors have long promoted sound security practices. In May 20.
Cyberscoop 01/13/2020 10:00
The financial exchange Travelex said Monday it has restored some of its digital capabilities for foreign currency trades, nearly two weeks after a ransomware attack forced staff to rely on pens and paper. Travelex said its making “good progress” in its recovery from a security incident that, on Dec. 31, forced the company to suspend online services, including its app and internal email systems. Ransomware attackers used a malicious software strain called Sodinokibi, or REvil, reportedly to demand a fee of $6 million (£4.6 million) to release the affected data. Now, Travelex said, it is restoring internal processes and issuing refunds to customers “where appropriate,” according to Reuters. Hackers previously told the computer security blog B.
Cyberscoop 01/10/2020 16:54
It’s been more than two weeks since researchers went public with a critical vulnerability in products made by corporate VPN service provider Citrix that could give a hacker free rein over the many enterprise networks that use the software. Now, with no sign of a complete patch, cybersecurity experts are exhorting organizations to address the issue. “It’s extremely important to apply the mitigation steps and recognize that there is no patch for this,” said Dave Kennedy, founder of cybersecurity company TrustedSec, adding that he has already seen attackers scanning for vulnerable systems. “We have a working exploit, and it took us under a day to develop it,” Kennedy told CyberScoop. “Attackers have the same capabilities.” The flaw, discovered.
Cyberscoop 01/10/2020 13:03
The FBI has told U.S. companies that Iranian hackers have stepped up their probing and reconnaissance activity in the days since the U.S. military killed Iranian Maj. Gen. Qassem Soleimani. In an advisory to industry this week obtained by CyberScoop, the FBI warned that Iranian hackers could target cleared defense contractors, government agencies, academia and nongovernmental organizations focused on Iran issues. The FBI assesses that Iranian hackers could use “a range of computer network operations against U.S.-based networks in retaliation for last week’s strikes against Iranian military leadership,” says the memo, which is labeled “TLP White,” meaning its recipients can distribute it liberally. The Jan. 9 alert did not elaborate on the n.
Cyberscoop 01/10/2020 09:34
Britain’s data protection authority said Thursday it has fined Dixons Carphone, a massive electronics retailer, the maximum fine allowed under law for a data breach that exposed financial information from millions of customers. Malicious software lurking inside point-of-sale systems at Dixons Carphone stores from July 2017 through April 2018 collected payment card data of 5.6 million people. Attackers accessed personal information including names, email addresses and details about failed credit checks on some 14 million people. The U.K.’s Information Commissioner’s Office fined the company £500,000 ($653,000) for the incident, the high penalty authorized under the U.K.’s 1988 Data Protection Act. The ICO found that Dixons Carphone, which re.

Automotive Industries

Business Issues

Companies - Public

Companies - Venture Funded

Global Markets

Government Agencies

Information Technologies

Job Titles

Legal and Regulatory

Market Research Topics

Political Entities

Sources

Strategic Scenarios

Trends