Tag Archive for: Orange

CSUF cybersecurity students compete to hack into vulnerable systems – Orange County Register

/in


Last fall, Cal State Fullerton cybersecurity students competed in the Collegiate Penetration Testing Competition where teams of students from the region met to determine how to hack the security systems of an airport and then presented a report of their findings to executives.

The Cal State Fullerton team of six students placed second in the high-pressure competition, which provided real-world experience that they will bring to the jobs that await them once they graduate. Business sponsors often recruit winners for employment during these events, said Mikhail Gofman, professor of computer science and director of the ECS Center for Cybersecurity in the College of Engineering and Computer Science.

Penetration testing means trying to break through the security systems of a business by using the same tools and techniques that hackers use. If a penetration tester can discover and exploit a vulnerability, Gofman said, then so can an attacker.

“This is often called the security governance,” Gofman said, “the goal of which is to ensure the cybersecurity of the company. It is driven by risk management, and, of course, cyberattacks are a big part of the company risk management, because a cyberattack can have very devastating consequences.”

The regional competition focused on the security systems of an airport. “They weren’t actually real airport systems, but real networks which simulated what a network infrastructure of an airport would look like,” Gofman said. “The students had 12 hours, from morning to night, to conduct the penetration test to find and exploit as many security vulnerabilities as possible.”

Then they had to write a professional penetration testing report that communicated their findings in plain language.

“Our goal as a team was to try to fully compromise the company, given only a set of IP ranges and some scattered fictitious employee information they left on the internet for us to exploit,” said fourth-year student Katherine Chen, who was a member of the winning team.

“You use public information on the internet to impersonate someone and use their information for malicious purposes, which we were successfully able to do,” Chen said. “At…

Source…

AT&T says outage triggered by company work on network, not hack – Orange County Register

/in


By Jillian Deutsch, Todd Shields, Jake Bleiberg and Jennifer Jacobs | Bloomberg

AT&T Inc. said a widespread outage that took hours to resolve Thursday was caused by “an incorrect process” while expanding the wireless network.

The software issue interrupted wireless service for hundreds of thousands of subscribers and prompted the FBI and US Department of Homeland Security to investigate the outage.

“Based on our initial review, we believe that today’s outage was caused by the application and execution of an incorrect process used as we were expanding our network, not a cyber attack,” an AT&T spokesman said in a statement. “We are continuing our assessment of today’s outage to ensure we keep delivering the service that our customers deserve.”

AT&T said all wireless service was restored Thursday afternoon, capping a day of frustration that began in the early hours of the morning New York time. AT&T customers filed more than 1.5 million outage reports on service-tracking website Downdetector.

The federal government began investigating whether the network failure was caused by a cyberattack, according to two US officials familiar with the situation, who requested anonymity to discuss sensitive information.

The Federal Communications Commission also has been in touch with AT&T to try and ascertain the cause, White House spokesman John Kirby told reporters earlier. “DHS and the FBI are looking into this as well, working with the tech industry, these network providers, to see what we can do from a federal perspective to enhance their investigative efforts to figure out what happened here,” Kirby said.

Early Thursday, mobile-phone customers from multiple carriers started reporting problems, but it soon became clear that AT&T’s network was the culprit. Outages were reported from cities including New York, Houston, Atlanta, Miami, Chicago and Dallas. The service disruption upended communications with emergency responders, and officials took to social media urging AT&T customers to use landlines to call 911 for emergencies.

With about 87 million subscribers, AT&T is the third-largest US retail wireless carrier, behind Verizon Communications Inc. and T-Mobile US…

Source…

Microsoft to offer free security feature after alleged China hack – Orange County Register

/in


By Andrew Martin | Bloomberg

Under pressure from US cybersecurity officials, Microsoft on Wednesday said it would provide free cloud security logs for all customers in the next few months.

Security logs are critical for detecting and preventing cybersecurity threats, in addition to allowing hacking victims to quickly take action following a breach, according to US officials. Microsoft currently charges for some forms of logging as a premium feature.

Microsoft said its decision was “in response to increasing frequency and evolution of nation-state cyberthreats.” Customers will receive detailed logs of email access and more than 30 other types of log data previously only available to customers paying for a premium service, the company said.

“These logs themselves do not prevent attacks, but they can be useful in digital forensics and incident response,” Vasu Jakkal, Microsoft’s corporate vice president for security, compliance, identity and management said, in a blog post.

The decision comes after suspected Chinese hackers infiltrated cloud-based email systems at about 25 organizations globally, including several US agencies. Commerce Secretary Gina Raimondo was among the US officials whose emails were breached.

A lack of logging complicated the investigation into the so-called SolarWinds attack, which was disclosed in 2020. In that incident, Russia state-sponsored hackers installed malicious code in software update from SolarWinds Corp., among other methods, to infiltrate nine US federal agencies and about 100 companies.

Source…

Orange Park Man Pleads Guilty To Receipt Of Child Sex Abuse Images Over The Internet | USAO-MDFL

/in


Jacksonville, Florida – United States Attorney Roger B. Handberg announces that Charles Lelande Boston (32, Orange Park) today pleaded guilty to receiving materials over the internet depicting the sexual abuse of children. Boston faces a minimum mandatory term of 5 years, and up to 20 years, in federal prison. Boston was arrested on August 12, 2021, and remains in custody. A sentencing hearing has not yet been scheduled.

According to the plea agreement, the Clay County Sheriff’s Office (CCSO) conducted an online investigation on a file-sharing network for files containing materials depicting the sexual abuse of children. In January, March, and April 2021, a CCSO detective connected with a computer that had files depicting the sexual abuse of children available online for sharing. Homeland Security Investigations and CCSO later executed a search warrant at the residence associated with that computer and Boston was determined to be the owner of the computer. An examination of Boston’s computer revealed a folder of downloaded files containing approximately 80 files depicting the sexual abuse of children.

This case was investigated by the Clay County Sheriff’s Office and Homeland Security Investigations. It is being prosecuted by Assistant United States Attorney Ashley Washington.

It is another case brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse.  Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims.  For more information about Project Safe Childhood, please visit www.justice.gov/psc.

Source…