Government/Defense | SC Media

Government/Defense

Report: Iran claims to have thwarted a U.S. cyberespionage operation

Iran is reportedly claiming that it successfully uprooted a CIA-led cyberespionage operation and arrested several U.S. spies in the process. “One of the most complicated CIA cyberespionage networks that had an important role in the CIA’s operations in different countries was exposed by the Iranian intelligence agencies a while ago and was dismantled,” said Ali…

"Aaron's Law," to amend the CFAA, introduced in Congress

U.S. House passes bill that would require DHS to maintain cyber hunt, IR teams

The U.S. House of Representatives yesterday passed its own version of the DHS Cyber Incident Response Teams Act of 2019, which would require the Department of Homeland Security to permanently maintain cyber hunt and incident response teams that help prevent and mitigate attacks on federal agencies and the private sector. Designated H.R.1158, the bill serves…

Russia’s 2016 election interference was highly organized, but fixes for 2020 are possible: reports

The campaign by Russia’s Internet Research Agency to interfere with the 2016 U.S. presidential election using fake Twitter accounts was even organized than many people realize, according to a new report from Symantec Corporation. But another new report from scholars at Stanford University prescribes more than 45 policy recommendations for how the U.S. can prevent…

Baltimore hackers taunt mayor, EternalBlue not used in attack

The hackers purportedly behind the Baltimore ransomware attack may be attempting to boost the pressure on the city to pay up as they have tweeted out some possibly sensitive information, additionally researchers have determined that the NSA hacking tool EternalBlue was not used in this attack. Eric Sifford, security researcher with Armor’s Threat Resistance Unit,…

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

Report: G7 institutions to simulate cyberattack on financial sector

Twenty-four financial organizations from countries comprising the Group of Seven (G7) nations will reportedly simulate a major cross-border cyberattack on the financial sector next month. The exercise will present a scenario in which malware infects a technical component that is commonly used in the financial sector, according to a Reuters report citing Nathalie Aufauvre, director…

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool

The FBI and Department Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korea government hacking group Hidden Cobra. ELECTRICFISH is attributed to North Korea. The 32-bit Windows executable file is a command-line utility…

DHS warns against ‘password spray’ brute force attacks

The DHS recently issued a warning against the use of common and or easily guessed passwords after several government agencies have been targeted by “password spray” attacks. In these attacks brute force login attacks, attempt to break into accounts using these simple passwords with the goal of stealing sensitive information and unlike social engineering, these…

RiskSec 2019: Israel strike on Hamas hackers did not ‘cross the rubicon’

Israel’s air strike of a Hamas cyber operations facility last weekend is not a game changer that opens the door for future military attacks as a common response to offensive cyber activity, according to Duke University Cyber Scholar Zhanna Malekos Smith, speaking at SC Media’s RiskSec conference today. “There are some people who say, ‘We’ve…

Next post in RiskSec 2019 Philadelphia