Reassurances from Georgia. New info about a familiar APT.
READ IN BROWSER
WEDNESDAY, NOV. 18, 2020
CyberScoop
Indeed, Trump did it. Georgia's top election official says an audit found no foul play in voting technology. And don't forget about APT10. This is CyberScoop for Wednesday, Nov. 18, 2020.

Trump sends Krebs packing

After days of rumors that it would happen, President Donald Trump on Tuesday evening fired CISA Director Chris Krebs, who repeatedly refuted the president’s baseless claims of electoral fraud and was widely respected by Republican and Democratic election officials at the state level. Praise for Krebs poured in from lawmakers and private-sector executives. It’s the latest in a series of White House purges of officials deemed insufficiently loyal to the president. Sean Lyngaas explains the domino effects at CISA.

ICYMI: How is information being shared during the pandemic?

Given the state of the world, it's more important than ever to defend the internet. Whether it's reports about criminals spinning up COVID-related scams, ransomware attacks, or some other form of cybercrime, information still needs to be shared between enterprises in order to keep things working as much as possible. Listen to this episode of Securiosity.

Review of Ga. voting machines found no foul play

Georgia's Secretary of state again pushed back Tuesday against a tide of disinformation about election security in announcing that an audit of the state’s voting machines found no evidence of foul play in this year's presidential election. “We are glad but not surprised that the audit of the state’s voting machines was an unqualified success,” Brad Raffensperger said in a press release. Technology testing company Pro V&V reviewed a sample of the new equipment that Raffensperger introduced to Georgia voters this year, including touchscreen ballot-marking devices, precinct-level ballot scanners and large-scale scanners used to read absentee ballots. Benjamin Freed reports at StateScoop.

APT10: Did you miss us?

The group known in the West as APT10, which U.S. officials have tied to China’s civilian intelligence agency, has engaged in a yearlong hacking campaign against multiple Japanese companies, researchers from Symantec said Tuesday. The alleged IP theft scheme spans the pharmaceutical, automotive and engineering sectors, and marks a resurgence for the group after a 2018 U.S. Justice Department indictment. Sean has more.

ICYMI: How is information being shared during the pandemic?

Given the state of the world, it's more important than ever to defend the internet. Whether it's reports about criminals spinning up COVID-related scams, ransomware attacks, or some other form of cybercrime, information still needs to be shared between enterprises in order to keep things working as much as possible. Listen to this episode of Securiosity.

Financial system isn't on top of threats, report says

The Carnegie Endowment for International Peace and the World Economic Forum unveiled a strategy for defending the global financial system from cyberattacks that could cause severe disruption. Written with advice from government officials and the financial industry itself, the assessment argues that the sector's digital transformation — sped up by the coronavirus pandemic — has made it more vulnerable to attackers. Tim Starks has more.

FIN7 operator pleads guilty, faces 25 years

One of the ringleaders of FIN7, a global hacking crew accused of stealing more than $1 billion by posing as a cybersecurity vendor, has admitted his role in the scheme. Andrii Kolpakov pleaded guilty this week to conspiracy to commit wire and bank fraud and conspiracy to commit computer hacking as part of his involvement with FIN7. U.S. prosecutors had accused Kolpakov, a Ukrainian national, of working as a manager and recruiter for the crew, a role in which he hired and supervised computer specialists who spent their days stealing payment card information from dozens of companies, including Chipotle, Red Robin and Sonic Drive-In. Jeff Stone had the scoop.

The new 'Pluton’ security chip

Microsoft and three major computing vendors — AMD, Intel and Qualcomm Technologies — on Tuesday said they would produce security chips designed to keep attackers from stealing critical data such as encryption keys and credentials from computing systems. The goal of the "Pluton" project is to guard against a relatively new breed of attack techniques, made famous by the 2018 Spectre and Meltdown vulnerabilities, that pry data from a computer’s most sensitive enclaves. Sean explains the announcement.

Tech group pushes cyber measures in defense bill

TechNet is urging the lawmakers who are negotiating the annual defense policy bill to establish a national cyber director at the White House, as recommended by the Cyberspace Solarium Commission. They also are asking Congress to avoid restrictions on the Department of Defense's purchase of commercial products that use printed circuit boards — a subject of discussion among lawmakers trying to keep adversaries' tech out of the department. TechNet said such restrictions could harm American companies, too. The group also opposes proposed language that it says would hamper cyberthreat information sharing. Here's the letter.

Tweet of the Day

Image

Martin is the founding and former head of the U.K.'s National Cyber Security Centre.


Want more? Catch our events for all things cybersecurity!
Copyright (c) 2020 CyberScoop, All rights reserved.

Scoop News Group
2001 K Street NW
Washington DC

Update your email preferences
Unsubscribe