Government

Government

‘Sharpshooter’ cyberespionage campaign scopes out defense, critical infrastructure sectors

By

A global phishing campaign called Operation Sharpshooter was discovered using fake job recruitment documents to infect defense, government and critical infrastructure organizations with a malicious backdoor implant, presumably for cyber espionage purposes. The implant, nicknamed Rising Sun, was observed in least 87 impacted organizations over the course of October and November, McAfee Labs reported today…

Australian flag

Australia passes law forcing tech giants to circumvent encryption on target devices

By

Australia’s parliament on Thursday passed groundbreaking legislation that instructs tech developers to help law enforcement investigations by intercepting the encrypted communications of suspects’ devices. Known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, the law contains language requiring companies in some cases to build new capabilities to decrypt protected communications if…

DHS algorithm to assess federal agencies’ cyber posture

By

Federal agencies are reportedly feeding data into a special algorithm introduced by the  Department of Homeland Security (DHS) in order to assess their cyber posture scores. This Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm should go into full production by fiscal year 2020, news outlet GCN reported yesterday, citing a public presentation yesterday by DHS Continuous…

‘Cannon’ downloader tool added to Fancy Bear’s APT arsenal

By

A new cyber espionage campaign from the Russian APT group Fancy Bear has added some firepower in the form of a new malicious first-stage downloader tool called Cannon. Cannon diverges from Fancy Bear’s (aka Sofacy, APT28) usual downloader trojan, Zebrocy, in that it leverages email protocols for C2 communication as opposed to HTTP or HTTPS.…

fancy-bear

Cozy Bear tracks: Phishing campaign looks like work of Russian APT group

By

Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become officially operative once more. Last last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…

IT pros dubious of government officials’ cyber knowledge

By

A newly released survey of 515 IT security professionals is giving government officials a no-confidence vote in terms of their ability to understand digital threats, practice cyber hygiene and legislate encryption policies. Conducted during last August’s 2018 Black Hat cybersecurity conference by researchers at Venafi, the survey found that 63 percent of respondents believe government…

Report: NIST to use IBM’s Watson AI system to score vulnerabilities

By

The U.S. National Institute of Standards and Technology (NIST) reportedly plans to replace its method of scoring publicly disclosed vulnerabilities with a new automated process leveraging IBM’s Watson artificial intelligence system. The agency expects Watson to supplant its current Common Vulnerability Scoring System (CVSS) process for most bugs by October 2019, according to a report…

Report: ‘Trump’ most common spam term during run-up to elections

By

The president himself may not be up for election in 2018, yet “Trump” is the most common term used in election-themed spam campaigns, according to a new report from Proofpoint.  Starting Sept. 27, Proofpoint researchers searched its spam filters for subject lines and email bodies containing various political terms, candidates and power players. In a…

State of security: Iowa

By

Who’s in charge: Secretary of State Paul Pate, Director of Elections Dawn Williams Iowa uses nothing but paper ballots for all forms of voting, and then tabulates the votes with ballot marking technology or optical scanners. The auditing process has come under some criticism for a variety of perceived flaws, including its scope, which is limited to a…

State of security: West Virginia

By

Who’s in charge: Secretary of State Mac Warner, Manager of Elections Donald Kersey West Virginia is attempting something unprecedented in this year’s 2018 elections: It will reportedly become the first state to allow residents and military members stationed abroad to vote in a general election using a mobile app. Overseas absentee voters will use this app, which is…

Next post in Election Coverage