Jeffrey lives outside Boston with his wife and two kids. While brewing beer is still a great passion of his, his main hobby now is gardening — growing peppers for making super-hot sauces with. But in this interview, Jeff tells us how his life is greatly influenced by his work — as the Head of Regional Social Media at Kaspersky.

– Let's start from the beginning. When you were a child, you weren't even able to dream about working for a cybersecurity company, since there was no such thing back then. So what did you dream about?

– When I was a kid I wanted to be a Transformer! Like most kids, my mind was filled with fantasies and things that could take you outside what's normal. A lot of the things that I liked were tied to the sci-fi world. As I got older, I wanted to work in something where I could write or be a teacher.

– Wow, I tried to be a writer myself. Did you get published?

– I've had some short stories and poetry published, but it never paid well, so I looked for something in a different field. When it came to writing I wound up in sports public relations; I did really well there and turned down an offer of free higher education to become a university professor.

– How come you switched from sports to cybersecurity?

– I had the problem that occurs in many stories. Boy meets girl, they fall in love, blah, blah, blah. I met my then-wife while on a cruise ship and we had a long-distance relationship for a year. Then we decided it may work, so I quit and took a job in the e-commerce industry and moved to Boston. After eight years with that company I was looking for something new. A friend worked at Kaspersky and we connected. To be honest, I thought it was a boring industry and would be something short term. Boy, was I wrong. On my third day we announced the discovery of Duqu 2.0.

– Aha, Duqu is a good example to explain what your job is about. What exactly were you doing when this research was revealed?

– The night before, we were called to an obligatory meeting at 6am the next morning. At the time, I was like, damn, that sucks; what the hell is this?! I will never forget the calm voices of my colleagues discussing what happened and what we would be doing regarding the press conference, release, etc. Then came the message from Serge (the Head of Social Media) to meet him at the office at 8am to discuss things and to make sure that all the information for the blog was ready to go. Since this was only my third day, I had no clue what to expect. I was manning our social media accounts for the first time: every tweet, Facebook message or comment on blogs/news sites/reddit was coming to me. I did my best at the replies, but I had Serge with me in the States helping approve the messages. It was then that I knew this job was not going to be boring! Fast forward to today — with over a dozen crisis moments and major APT announcements — and I've a whole different view on how things are handled. Now I am involved in the crafting of messaging, responses, and also what we should and shouldn't say publicly and on social media. And it's funny, but we use Duqu as an example of how we were forged as a strong team.

– Working for a foreign company, what kind of new experiences does it bring?

– I had a bunch of questions at the outset that were playing off some stereotypes I had growing up during the Cold War in the U.S. I used to look at things through my narrow American lens. However, having worked here now for quite a long time managing a multinational team, I've learned a lot. A lot of the conceptions I had were really changed.

– Do you always understand your multinational colleagues? How often do they not understand what you are saying?

– Yes, I have to slow how I speak and make sure that things are uttered perfectly — especially for those who don't have English as their first language. There are times when I still have to do a lot of retakes for how things are said. It still happens at least once a week now. When it comes to understanding, I think that we have a lot of good people who make it work — no matter the language. That is not just on social media, but with our larger team as well. I tried learning Russian and got to the level of maybe a preschool child, but had to stop due to lack of time. But even that taught me that the language barrier is real — you can understand how hard it is for others not speaking their mother tongue to communicate all day long, and that flips your perspective.

– What were your main surprises about the real Russia when you first visited, if any? For example, one of my big surprises about the U.S. was the constant smiles on people's faces!

– The first thing that surprised me was that Russians are not as cold and hard as is often thought. Russian people are very warm: not something that's portrayed in movies. But one thing that I did not expect was just how cold — and also how hot — it can get in Russia. And the thing that I really have enjoyed with our colleagues is getting to learn more about how people were brought up, and the laughs that we can have regarding the political BS during the Cold War. Look at guys like me or you — we have a beer and we have a lot of things in common and we just want to lead good lives. Yes, there are differences, but, for real — we're all people. And this is one of my favorite things: learning the culture and also trying out things like foods that are a bit different to what we have in the U.S.

– Is it difficult to explain this view when you are back in the U.S.? How do Americans treat you when they learn you are working for Kaspersky?

– When I first took the role, there were a lot of jokes that played into the Rocky IV movie with Ivan Drago and stuff like that. And no, while it sounds commonplace, I have yet to see a bear driving a car. From a family perspective, one of my nephews is convinced that I'm a spy and tells people that that is what I do. Hell, I had a really interesting parent-teacher conference when one of my kids told their teacher that I was a spy and that's why I travel so much for my job and why I go to Russia so much. One of the most common questions I get about going to Russia is whether or not it's safe, if folks are scary, and things like that. A lot of it is still Cold War BS that comes up. When it comes to social media, you grow a thick skin. A lot of people make personal attacks. Nowadays it's a lot of dealing with people who say that Kaspersky is part of the government — which is untrue. How I look at things: if you can have an educated conversation, it's great, but if you have someone who just wants to be an ignorant ass — well, they really aren't your friend to begin with.

– Have you had a hard time over the last two months coping with the social media storm against Kaspersky? What was the most difficult thing in this work?

– I think that the people of Ukraine have it a lot harder — as do my friends and colleagues in Russia, where economic sanctions are bringing them hardships. This is the life part that matters — not someone posting on social media. From a business standpoint, I look at a lot of the things that come at our company and at Eugene Kaspersky's accounts. There are bots, of course. Then there are social-signalers — people who reply to any account posting on a particular topic or trend. In the current situation, these accounts are replying to any company or entity that hasn't stopped serving the Russian market. And of course there's no lack of random trolls who jump into any conversation. When it comes to personal accounts, perhaps the most tricky breed of trolling comes from people whom you know really well. The bigger issue has been talking to our employees and coaching them on how to reply to people and what can or cannot be said. This has been especially prominent with our EU colleagues. They are going to work and collecting pay and happen to work for a Russia-founded company. So they get questions. The problem is that many people are now tying working at a Russian company to being akin to working for the Russian government. Which is obviously not the case at all.

– Finally, let's try to look into the future. In your opinion, how will the situation in cybersecurity change after this conflict? For example, some Western politicians tell folks not to use Kaspersky products just because they're from a Russia-based company. Aren't they opening their doors to hackers?

– This is a tricky question. From a future standpoint, the private and public sector need to work better together. Cybercrime is not going away and neither are state-sponsored attacks. One of the things that makes Kaspersky unique is that we frankly don't care where a threat comes from. We report on them all and will work with any law enforcement body to stop cybercriminals. We have in the past helped out the U.S. and EU governments who now shun us publicly — but that is politics. It would do a disservice to everyone if countries stop cooperating on cybersafety or split this cooperation along arbitrary bloc borders. I really just hope that people will realize that we're a global society and not just lines drawn on a map. Any company that is not looking to actively protect their customers against cybersecurity risks is really failing.
A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners.
Tracked as CVE-2022-27505, the newly resolved high-severity issue in SD-WAN is a reflected cross-site scripting (XSS) vulnerability that exists because input isn’t properly neutralized during web page generation.
Most of these messages promise free gifts and/or offers after having paid bills. Nobody has asked for these texts, and they’re not being sent by providers of any services.
The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of ICS and SCADA devices from Schneider Electric, OMRON, and Open Platform Communications.
This vulnerability, identified as CVE-2022-1329, is extremely severe. With over 5 million active installations of Elementor at the time of writing, a significant number of websites are impacted.
Securden makes products that secure access across IT, DevOps, and cloud environments, meaning they can manage passwords for IT teams, govern privileged access, and even enable remote access without a VPN.
The CISA has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver.
Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick.
When changes were made to existing policies, they were driven by factors including remote working demands, supply chain failures, increased cyberattack rates, and employee turnover.
Managed detection and response (MDR) solutions provider Critical Start on Tuesday announced that it has received more than $215 million in strategic growth funding from private equity firm Vista Equity Partners.
Cisco announced on Wednesday that updates released for its Wireless LAN Controller (WLC) software address a critical vulnerability that could allow an attacker to bypass authentication.
The ZLoader botnet has been disrupted, after the U.S. Court for the Northern District of Georgia issued a court order that enabled Microsoft to take control of 65 domains used by the ZLoader threat actors.
Check Point researchers have disclosed a now-fixed security flaw in the Rarible NFT marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets.
This newly discovered malware, named Fodcha by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), has spread to over 62,000 devices between March 29 and April 10.
On Tuesday, the wind turbine maker published an updated incident notification, saying that it was still working on restoring systems to “enable business continuity and resume normal operations as soon as reasonably practicable.”
The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. In the past, it targeted the defense, government, and engineering sectors.
Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims.
The FBI is receiving an increasing number of reports of adults posing as age-appropriate females coercing young boys through social media to produce sexual images and videos and then extorting money from them.
This information stealer, first introduced to the wild in March 2022, is currently undergoing active development and multiple releases of new versions have been observed recently.
John Tobon, HSI’s special agent in charge in Hawaii, told a local news station that investigators found that the attackers had obtained credentials that allowed access to an unnamed company’s systems.
While the Q3 2021 average ransom paid was atypically high, the average ransom paid per quarter across all of 2021 was ~$167k, 44.2% less than the Q3 figure, according to a report by Corvus Insurance.
The funding was led by Menlo Ventures, Norwest Venture Partners, and IVP, with participation from existing investors Greylock, Wing, and GV. Obsidian will add Menlo Ventures Partner Venky Ganesan to its board of directors.
Windows hosts running the Server Message Block protocol (SMB protocol) are vulnerable to this bug. SMB protocols allow users to share access to files and tools on remote servers.
The advisory highlights that OPC Unified Architecture (OPC UA) servers and multiple versions of Programmable Logic Controllers (PLCs) from Schneider Electric, and OMRON are vulnerable to such attacks.
According to researchers, the campaign was first observed in April and aims to steal data from individuals in South Korea. They are targeted via spear-phishing emails that include malicious Word documents.
Microsoft linked the Chinese-backed Hafnium group to Tarrask, a defense evasion malware used by cybercriminals to attain persistence on compromised Windows environments. Researchers uncovered recent malicious activity in which the attackers abused an unpatched zero-day vulnerability as their initial attack vector.
Experts suggest finding these hidden tasks by manually inspecting the Windows Registry more closely, looking for scheduled tasks whose Task Key lacks an SD value.
The startup said it plans to use the money to scale its SaaS data security product offerings, fuel global growth through aggressive hiring, and build strategic partner programs.
Red Hat Security Advisory 2022-1373-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Ubuntu Security Notice 5378-4 - USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.
Ubuntu Security Notice 5378-3 - USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.
Red Hat Security Advisory 2022-1361-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-1248-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.48. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-1360-01 - This release of Red Hat Fuse 7.10.2 serves as a replacement for Red Hat Fuse 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Red Hat Security Advisory 2022-1354-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Red Hat Security Advisory 2022-1372-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, compromise, and control
A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The
Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a
A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore
Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full control of the victim's crypto wallet to steal funds," Check Point researchers Roman Zaikin, Dikla
A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet
Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook - but why? Scammers have found a new way to gain access to your most sensitive information - but how? And armchair detectives are helping investigate cold cases involving DNA - but should they? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure. Read more in my article on the Tripwire State of Security blog.