Cyber Security

Blackburn blocks vote on trio of election security bills in Senate



Despite warnings from FBI Director Christopher Wray that Russia is actively interfering with the 2020 presidential election through
information warfare, Senate Republicans rejected a trio of bills aimed at
election security.

Sen. Marsha Blackburn, R-Tenn., blocked each of
the bills, claiming the legislation was an attempt by Democrats
to rest control over elections “in the hands of Washington, D.C., bureaucrats.”

The Securing America’s Federal Elections (SAFE) Act, introduced by Sen. Ron Wyden, D-Ore., would require states to use paper ballots
as backup and mandate post-election audits as well as establish a set of election
system cybersecurity standards at the federal level.

Sen. Mark Warner, D-Va., advocated
for the Foreign Influence Reporting in Elections (FIRE) Act, under which
campaigns would have to report attempts by foreign entities to influence the
elections. The Duty to Report Act, introduced by Sen. Richard , D-Conn., would mandate similar reporting requirements.

“America is 266 days away from the 2020 election, and Majority
Leader [Sen. Mitch] McConnell,
D-Ky., has yet to take any concrete steps to protect our …elections from
hacking or foreign interference,” Wyden said.

That is all the more troubling, Sen. Charles , D-N.Y., said, after months-long impeachment proceedings against President
Trump that centered on whether the president sought foreign assistance for the 2020
election. “The current president of the United States, far from having the
same fears about foreign interference as our founders, has been very public
about his openness to foreign assistance and manipulation in support of his
election,” he said. “The president was just impeached over this
issue, and the Senate just concluded a trial in which it appeared a bipartisan
majority of senators broadly accepted the fact that the president leveraged
hundreds of millions of dollars of military assistance to Ukraine to compel its
government to investigate one of his political rivals.” 

In a 2018 interview with ABC News political correspondent George
Stephanopoulos, Trump said he might entertain information advantageous to
his campaign from a foreign actor and may or may not report it to the FBI or election

“The appropriate response is not to say thank you, the
appropriate response is to call the FBI,” said Warner.



Federal Government Inching Toward Enterprise Cloud Foundation



The federal government’s efforts to put an enterprise cloud platform in place to serve the Pentagon and other agencies have been slowed, but are lurching forward. (GETTY IMAGES)

By AI Trends Staff

The federal government continues its halting effort to field an enterprise cloud strategy, with Lt. Gen. Jack Shanahan, who leads the Defense Department’s Joint AI Center (JAIC), commenting recently that not having an enterprise cloud platform has made the government’s efforts to pursue AI more challenging.

“The lack of an enterprise solution has slowed us down,” stated Shanahan during an AFCEA DC virtual event held on May 21, according to an account in FCW. However, “the gears are in motion” with the JAIC using an “alternate platform” for example to host a newer anti-COVID effort.

This platform is called Project Salus; it aggregates data and employs predictive modeling to help supply equipment needed by front-line workers. The Salus platform was used for the ill-fated Project Maven, a DOD effort that was to employ AI image recognition to improve drone strike accuracy. Several thousand Google employees signed a petition to protest the company’s pursuit of the contract, and Google subsequently dropped out.

Shanahan recommends the enterprise cloud project follow guidance of the Joint Common Foundation, an enterprise-wide, multi-cloud environment set up as a transition to the Joint Enterprise Defense Infrastructure program (JEDI). The JEDI $10 billion DOD-wide cloud acquisition was won by Microsoft in October, was challenged by Amazon and has been stuck in legal battles since.

“It’s set us back, there’s no question about it, but we now have a good plan to account for the fact that it will be delayed potentially many more months,” Shanahan stated.

That plan involves a hybrid approach of using more than one cloud platform. At Hanscom Air Force Base in Bedford, Mass., for instance, the Air Force’s Cloud One environment is using both Microsoft Azure and Amazon Web Services.

“I will never get into a company discussion, I’m agnostic. I just need an enterprise cloud solution,” Shanahan stated. “If we want to make worldwide updates to all these algorithms in the space of minutes not in the space of months running around gold discs, we’ve got to have an enterprise cloud solution.”

Joint Common Foundation Aims to Set Up Migration to JEDI

The Joint Common Foundation, announced in March, is an enterprise cloud-based foundation intended to provide the development, test and runtime environment—and the collaboration, tools, reusable assets and data—that the military needs to build, refine, test and field AI applications, according to a JAIC AI Blog post.

“The Infrastructure and Platform division is building an enterprise cloud-enabled platform across multiple govCloud environments in preparation for the JEDI migration,” stated Denise Hodge, Information Systems Security Manager, who is leading the effort to develop the Joint Common Foundation.

The JCF has the following design goals:

  • Reduce technical barriers to DoD-wide AI adoption.
  • Accelerate security assessments of AI products to support rapid authorization decisions and AI capability deployment.
  • Create standardized development, security, testing tools, and practices to support secure, scalable AI development.
  • Facilitate the concept of secure re-use of AI resources, software, tools, data, and lessons learned that capitalize on the progress made by each JCF AI project.
  • Encourage efficiencies by finding patterns in JCF customer needs and creating solutions that are repeatable to build core products that advance AI development.
  • Mitigate risk by providing a common, standardized, and cyber-hardened infrastructure and platform for AI development, assessments, and rapid deployment promotion.

Hodge has spent much of her career supporting Chief Information Officers and Authorizing Officials in various IT ecosystems in the Department of Defense, concentrating especially on cybersecurity. “Cybersecurity is the thread that binds the enterprise cloud together,” she stated.

She described four pillars of security to promote cyber engagement and governance: infrastructure security, secure ingest, ongoing authorization and continuous monitoring.

“This initiative is to provide a common, standardized, and hardened development platform that promotes a secure AI development ecosystem,” Hodge stated.

JEDI Project Tied Up in Court

In court documents released in March, Amazon argued that the Pentagon’s proposed corrective action approach over the disputed $10 billion cloud contract is not a fair re-evaluation, according to an account from CNBC.

Amazon was seen as the favorite to win the JEDI contract, until President Donald Trump got involved. Amazon alleges that the President launched “behind the scenes attacks” against Amazon. Some of them were detailed in the memoir of James Mattis, the retired Marine Corps general who served as US Secretary of Defense from January 2017 through January 2019. In the memoir, Mattis stated that President Trump told him to “screw Amazon” out of the contract.

Amazon is seeking to depose a number of people involved in the JEDI recommendation. The dispute is ongoing.

Read the source articles at FCW, JAIC AI Blog post and CNBC.


26 USB Bugs Found in Linux, Windows, macOS and FreeBSD



Academics say they have found 26 new vulnerabilities in the USB driver stacks that operating systems like Linux, macOS, Windows and FreeBSD employ.

The research team, consisting of Purdue University’s Hui Peng and Swiss Federal Institute of Technology Lausanne’s Mathias Payer, said all the bugs were found using a new tool they developed, called USBFuzz.

The tool is what security practitioners call a fuzzer. Fuzzers are applications that allow security researchers to submit large quantities of null, unwanted, or random data into other programs as inputs.

Security researchers then analyze how the software being tested behaves in order to discover new bugs, some of which may be maliciously exploited.

A New Portable USB Fuzzer Built by Academics

To test USB drivers, Peng and Payer created USBFuzz, a new fuzzer designed specifically for testing the USB driver stack of modern-day operating systems.

“USBFuzz uses a software-emulated USB device at its heart to provide drivers with random device data (when they conduct IO operations),” the investigators said.

“As the emulated USB interface works at system level, it is straightforward to port it to other platforms.”
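
The idea in the passage above, feeding a driver random device data and watching how it copes, shown as an added example (not code from USBFuzz or the paper): a toy parser that treats every device-supplied length as untrusted, plus a small loop standing in for the emulated device. The descriptor layout follows the USB 2.0 specification; the names `count_endpoints` and `fuzz`, the 64-byte buffer and the seed are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define DT_CONFIG   0x02   /* descriptor type codes from the USB 2.0 spec */
#define DT_ENDPOINT 0x05

/* Toy driver routine (constructed for this example): count the endpoint
 * descriptors in a configuration blob; every length is device-controlled. */
int count_endpoints(const uint8_t *buf, size_t len)
{
    if (len < 9 || buf[0] != 9 || buf[1] != DT_CONFIG)
        return -1;
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);  /* wTotalLength */
    if (total < 9 || total > len)
        return -1;                      /* device claims more than it sent */
    int endpoints = 0;
    for (size_t off = 9; off < total; off += buf[off]) {
        size_t left = total - off;
        if (left < 2 || buf[off] < 2 || buf[off] > left)
            return -1;                  /* bLength 0 would loop forever */
        if (buf[off + 1] == DT_ENDPOINT && buf[off] < 7)
            return -1;                  /* endpoint descriptor too short */
        endpoints += (buf[off + 1] == DT_ENDPOINT);
    }
    return endpoints;
}

/* Stand-in for the emulated device's random data: xorshift32, fixed seed. */
static uint32_t rng = 0x1234567u;
static uint8_t next_byte(void)
{
    rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
    return (uint8_t)(rng >> 8);
}

/* Feed `rounds` random blobs to the parser; return how many results break
 * the invariant that each counted endpoint occupies at least 7 bytes. */
int fuzz(int rounds)
{
    uint8_t buf[64];
    int violations = 0;
    for (int i = 0; i < rounds; i++) {
        for (size_t j = 0; j < sizeof buf; j++)
            buf[j] = next_byte() % 12;         /* small, plausible fields */
        buf[0] = 9; buf[1] = DT_CONFIG;        /* get past the header check */
        buf[2] = next_byte() % 65; buf[3] = 0; /* wTotalLength within buf */
        if (count_endpoints(buf, sizeof buf) > (int)((sizeof buf - 9) / 7))
            violations++;
    }
    return violations;
}

/* Exit status 0 means no violations; build with -fsanitize=address so an
 * out-of-bounds read in the parser aborts the run instead of passing. */
int main(void) { return fuzz(100000) != 0; }
```

Removing any one of the length checks and rerunning under AddressSanitizer shows the class of memory bug a driver fuzzer is built to surface.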

This enabled the research team to test USBFuzz not only on Linux, where most fuzzer programs work, but on other operating systems too. The researchers said USBFuzz was tested on:

  • 9 recent versions of the Linux kernel: v4.14.81, v4.15, v4.16, v4.17, v4.18.19, v4.19, v4.19.1, v4.19.2, and v4.20-rc2 (the latest version at the time of evaluation)
  • FreeBSD 12 (the latest release)
  • macOS 10.15 Catalina (the latest release)
  • Windows (both version 8 and 10, with most recent security updates installed)

Study Team Finds 26 New Bugs

After their experiments the research team said they found a total of 26 new bugs with the help of USBFuzz.

Researchers found one bug in FreeBSD, three in macOS (two resulting in an unplanned reset and one freezing the system), and four in Windows 8 and 10 (resulting in Blue Screens of Death).

But the vast majority of the bugs, and the most serious ones, were found in Linux: 18 in all.

Sixteen were memory bugs with a high security impact in different Linux subsystems (USB core, USB sound, and network), one bug resided in the Linux USB host controller driver, and the last one was in a USB camera driver.

Peng and Payer said they reported these bugs to the Linux kernel team and suggested patches to reduce “the burden on the kernel developers while addressing the identified vulnerabilities.”

Of the 18 Linux bugs, 11 have received a patch since their initial reports last year, the research team said. Ten of those 11 bugs were also given a CVE, a special code assigned to major security vulnerabilities.


Further updates for the remaining seven problems are also expected in the immediate future.

“The remaining bugs fall into two classes: those still being published under embargo and those discovered and documented simultaneously by other researchers,” said the researchers.

USBFuzz is Open Source

Yesterday Payer released a draft of a white paper from the research team detailing their work on USBFuzz. Peng and Payer are planning to present their research at the virtual Usenix Security Symposium security conference, scheduled for August 2020.

Similar work has been done in the past. In November 2017, a security engineer from Google used a Google-made fuzzer called syzkaller to discover 79 bugs affecting USB drivers on the Linux kernel.

Peng and Payer said that USBFuzz is superior to previous tools like vUSBf, syzkaller, and usb-fuzzer because their tool gives testers more control over the test data and is also portable across operating systems, unlike all of the above, which usually only work on *NIX systems.

Following Peng and Payer’s Usenix talk, USBFuzz is expected to be published on GitHub as an open source project. The repo can be found here.

Copies of Peng and Payer’s paper, entitled “USBFuzz: A System for Computer Emulation Usb Drivers Fuzzing,” are available here and here in PDF format.


A New Version of the ComRAT Malware



A modified version of the ComRAT malware that was used in recent attacks by Russia-linked cyber-espionage threat actor Turla can connect to Gmail to receive commands, ESET reports.

Also known as Snake, Venomous Bear, KRYPTON, and Waterbug, the hacking group is suspected to have been active since at least 2006, based on the use of ComRAT, also known as Agent.BTZ and Chinch.

One of the group’s oldest malware families, ComRAT was used in 2008 to attack the US military and saw two major versions released until 2012, both of which were derived from the same code base. The hackers had made few modifications to the malware by 2017.

ComRAT v4, the version published in 2017, is much more complex than its predecessors, and is reported to have been in use even in this year’s attacks, according to ESET’s security researchers. ComRAT v4’s first report appears to have been collected in April 2017, while the latest is dated November 2019.

To date, Turla has used the malware to target at least three victims (two foreign ministries and a national parliament), exfiltrating sensitive data to public cloud services such as OneDrive and 4shared.

Written in C++, ComRAT v4 is deployed using existing access methods, such as the PowerStallion PowerShell backdoor, and has two command and control (C&C) channels, namely HTTP (the same protocol used in the previous variant) and email (it can receive commands and exfiltrate data via Gmail).

Based on the cookies stored in the configuration file, the malware will connect to the Gmail web interface to check an inbox and download attachments containing encrypted commands sent from another address by the attackers.

The new malware variant is internally called Chinch (same as previous versions), shares part of its network infrastructure with Mosquito, and has been observed dropping or being dropped by other Turla malware, such as a modified PowerShell loader, the PowerStallion backdoor and the RPC backdoor.

ComRAT v4, which is specifically designed to exfiltrate sensitive data, also helps attackers to deploy additional malware to compromised environments. Operators can also run commands to gather information from the compromised systems, such as groups or users of Active Directory, network details, and configurations of Microsoft Windows.

Components of the malware include an orchestrator injected into explorer.exe that controls most of the functions, a communication module (DLL) injected by the orchestrator into the default browser, and a virtual FAT16 file system that holds configuration and logs.

The security researchers have noted an emphasis on evasion, with the hackers routinely exfiltrating security-related log files to determine whether or not their methods have been identified.

“The most interesting feature is that the Gmail web UI is used to receive commands and exfiltrate data. And it can bypass any security controls because it is not dependent on any malicious domain. We also found that this new version abandoned the use for persistence of a COM object hijacking, the method that gave the malware its common name,” the researchers note.

With ComRAT v4 still in use earlier this year, it’s clear that Turla remains a significant threat to diplomats and military personnel, ESET concludes.

