Mediaboss Marketing

The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials.

The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with moderate confidence to North Koreas spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report.

The assessment states that cyber actors suspected to be sponsored by the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers.

[NSA officials worried about the day its potent hacking tool would get loose. Then it did.]

It was the first computer worm to be paired with ransomware, which encrypts data on victims computers and demands a ransom to restore access.

WannaCry was apparently an attempt to raise revenue for the regime, but analysts said the effort was flawed. Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said. That is likely because an operational error has made the transactions easy to track, including by law enforcement.

As a result, no online currency exchange will touch it, said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. This is like knowingly taking tainted bills from a bank robbery, he said.

[Clues point to possible North Korean involvement in massive ransomware attack]

Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called the Lazarus Group, a name used by private-sector researchers.

One of the agencies reported that a prototype of WannaCry ransomware was found this spring in a non-Western bank. That data point was a building block for the North Korea assessment, the individual said.

The linkage shows that despite the Obama and Trump administrations efforts to deter North Korean aggression, the country does not appear to have been discouraged from launching one of the most wide-ranging cyberattacks the world has seen.

What it really confirms is that ... you dont have to be the best in the business to cause a lot of disruption, said Michael Sulmeyer, director of the cybersecurity project at Harvards Kennedy School. And thats what they showed they were willing and able to do.

The NSA declined to comment.

North Korea is one of the worlds most isolated countries, with very little computer infrastructure. Yet it has managed to deploy cyber capabilities to harass and annoy its rival, South Korea, and to generate revenue for the authoritarian regime.

Last year, security researchers identified North Korea as the culprit behind a series of cyber-enabled heists of banks in Asia, including one in Bangladesh that netted more than $81 million by manipulating the banks global payments messaging system.

The fact of a nation-state using cyber tools to rob banks, then-NSA Deputy Director Richard Ledgett said in March, represented a troubling new front in cyberwarfare. He did not name North Korea, but the allusion was clear. This is a big deal, he said.

North Korea in 2014 hacked Sony Pictures Entertainment and demanded that the movie studio pull a film that satirized the countrys leader, Kim Jong Un. The hackers disabled computers and released embarrassing company emails. But what tipped the scale for President Barack Obama was the threat to do more damage if the studio did not yank the movie a move that the administration viewed as an assault on free speech. The administration publicly blamed Pyongyang for the attack and imposed new economic sanctions on the regime.

The NSA cyber tool at the base of WannaCry was an exploit dubbed EternalBlue by the agency. It took advantage of a software flaw in some Microsoft Windows operating systems and enabled an attacker to gain access to those computers.

Although Microsoft, after being notified by the NSA, issued a patch for the software flaw in March, many companies around the world and some in the United States failed to update their machines and fell victim to the virus. Michael Daniel, president of the Cyber Threat Alliance, a nonprofit group devoted to improving cyberdefenses through data sharing, said there were a reasonable number of victims in the United States.

Microsoft declined to comment for this report.

Williams, who has closely studied the code, said he is convinced that the ransomware accidentally got loose in a testing phase. That would explain some of its shortcomings, such as an inability for the attacker to tell who has paid the ransom or not, he said.

Nonetheless, he said, this is a case where youve got a weaponized, government-sponsored exploit [or hacking tool] being used to deliver ransomware. If North Korea goes unchecked with this, I would expect other developing nations to follow suit. I think that would change the cyberthreat landscape quite a bit.

Daniel, who was Obamas cybersecurity coordinator, said there needs to be a broad-based approach to deterring North Korea across the board in the physical world and in cyberspace.

Federal prosecutors have been probing North Koreas role in the Bangladesh bank theft, and indictments could be issued. The Justice Department in recent years has used indictments as a tool to try to hold accountable hackers from other nation states, including China and Iran.

Rep. Adam B. Schiff (Calif.), the top Democrat on the House Intelligence Committee, which is investigating Russian interference in the 2016 election, has said that the Obama administrations response to North Korea after the Sony attack was not bold enough. I ... think the Russians were watching and decided that, well, we didnt respond to that. They could get away with a cyberattack, he said at a recent public discussion with Washington Post columnist David Ignatius.

When the South Koreans want to respond to North Korea, Schiff said, they use a form of information warfare. They do it with loudspeakers, he said. They do it by telling people in the North what a terrible regime they live under thats starving their own people.

See the rest here:
The NSA has linked the WannaCry computer worm to North Korea ... - Washington Post

The leaders of a key Senate panel are pressing the federal government for information about the security clearance of a government contractor recently accused of passing classified material to a news outlet.

Reality Leigh Winner was arrested by the FBI in early June and charged in federal court with violating a section of the Espionage Act. Her arrest has been linked to The Intercepts publication of a purported classified National Security Agency document detailing Russian hacking efforts aimed at U.S. election and voting infrastructure.

Winner, an Air Force veteran, had worked as a contractor at Pluribus International Corporation, was assigned to a government facility in Georgia and held a top-secret clearance, according to the criminal complaint.

The leaking of classified information jeopardizes our national security, McCaskill said in a statement. We need to determine if Ms. Winners security clearance process was handled correctly or if we missed any red flags.

Together, Johnson and McCaskill lead theSenate Homeland Security and Governmental Affairs Committee.

The letter was sent to Kathleen McGettigan, acting director of OPM. The lawmakers also asked the agency to explain the process by which a member of the military has a security clearance reactivated or transferred in order to be employed by the intelligence community, given Winners previous service in the Air Force.

Additionally, the senators asked what OPM is doing to comply with with a provision included in an appropriations measure passed last year that mandated a review of the federal governments enhanced security clearance program.

Winner was arrested at her home in Georgia on June 3 and the Department of Justice announced the charges days later. Winner allegedly printed and improperly removed classified intelligence in early May and later sent it by mail to an online news outlet.

Winners arrest was the latest in a string of leak incidents, an issue that has attracted attention since ex-NSA contractor Edward Snowdens disclosures to news publications in 2013.

In February, former NSA contractor Harold Martin was indicted for stealing thousands of intelligence files, including classified documents from the NSA, CIA and U.S. Cyber Command.

See the rest here:
Senators seek answers on alleged NSA leaker's security clearance - The Hill

COMODO Backup v4.

COMODO Backup has tons of great features for a free backup program. It can backup registry files, files and folders, email accounts, particular registry entries, IM conversations, browser data, partitions, or entire disks like the system drive.

Data can be backed up to a local or external drive, CD/DVD, network folder, FTP server, or sent to someone as an email.

Various backup file types are supported like creating a CBU, ZIP, or ISO file as well as running a two-way or one-way sync, using a regular copy function, or creating a self-extracting CBU file.

Depending on the backup file type you use with COMODO Backup, you can specify if it should be spliced into smaller pieces, compressed, and/or password protected.

The scheduling options are very specific, enabling a backup to run manually, at login, once, daily, weekly, monthly, when idle, or every so many minutes. Missed jobs can even be configured to run in silent mode so as to suppress all notifications and program windows.

Restoring files with COMODO Backup is really easy because you can mount the image file as a disk and browse through the backed up files as you would in Windows Explorer, copying out anything you wish. Alternatively, you can just restore the whole backup image to the original location.

COMODO Backup also supports email notifications, file exclusions by extension type, using Volume Shadow Copy for copying locked files, disk/partition mirroring, changing CPU and network priority, and running a custom program before and/or after a backup job.

COMODO Backup Review & Free Download

Note:During setup, COMODO Backup tries to install another program that you must deselect if you wish for it not to be added to your computer.

COMODO Backup works with Windows 10 down to Windows XP. More

See more here:
34 Free Backup Software Tools (Updated June 2017)

Credit: Wrike

After conducting extensive research and analysis in 2017,we recommend Wrike as the best free project management solution for 2017. We chose Wrike from a pool of the dozens of project management solutions we considered. To understand how we selected our best picks, you can find our methodology and a comprehensive list of project management solutions on our best picks page.

Wrike offers the only free project management solution on the market that allows users to create unlimited projects. Most other free versions are so limited that we felt hindered using them, but Wrike allowed us to fully explore project management without paying a dime. For small teams, startups and companies that only need the barebones of project management software, Wrike is an excellent free solution.

Ready to choose a project management solution? Here's a breakdown of our complete coverage:

Wrike's free version comes with limited features, but not so limited that it doesn't feel like true project management software. Its advantage over other free software is that users can create an unlimited number of projects. That said, access to more advanced features, including Gantt charts and subtasks, is completely restricted. For these, you have to subscribe to a paid service. Still, Wrike is one of the only services offering a free account with unlimited projects. That alone set it apart in our search for the best free software.

Wrike's free version is available for up to five users, making it suitable for small teams and startups. Larger teams or companies looking for a scalable solution will need to consider subscribing to a paid service. Still, for no cost, Wrike enables five users to work on an unlimited amount of projects. In the end, this is what distinguished Wrike from other free project management solutions we reviewed.

Editor's Note: Are you trying to choose a project management solution? If you're looking for information to help you choose the one that's right for you, use the questionnaire below to have Software Adviceprovide you with information from a variety of vendors for free:

Although Wrike's free features are quite limited, it still provides insight into how simple and intuitive a project manager it is. A clean, user-friendly interface makes navigation easy. Starting with the active user's inbox, topline navigation allows the user to easily cycle through the different pages, including active projects, dashboards, reports and an activity stream.

Similarly, adding new users and collaborators to projects is made as simple as point and click. There is also a series of keyboard shortcuts that allow users to quickly and easily create a new task, open a new tab, search, assign tasks and mark tasks as completed or active. Once users familiarize themselves with these hotkeys, navigating Wrike is even easier.

Wrike's design is user friendly and welcoming. With dark blues and light greens, as well as rounded edges, Wrike feels engaging without becoming overly professional. There's a "fun" feel to using the software; unlike some project managers that feel extremely technical, Wrike has made navigating its interface simple with a lot of point-and-click functionality and simple layouts that directly display necessary information without requiring users to search around for it.

In addition to a free version, Wrike offers several paid tiers at a per user, per month rate. Each level includes access to a free trial. Here's a look at each tier and the capabilities each one offers.

Our customer service experience was average. Our questions were answered to our satisfaction, but the first customer service representative we spoke to continuously suggested that we consider the paid version. They frequently cited the limited features of Wrike's free edition despite our firm insistence that we were only interested in the free option and had called to gain a better understanding of what it offered. Despite the sales pitch, all of our questions were answered and the pushiness was not repeated with subsequent calls.

Like some of our other best picks, Wrike maintains webinars, a blog and a "productivity tour" for users to refer to when they run into a problem or have a question about the software. These resources make it easier to figure out how to use Wrike or get even more out of the software without going to customer service or tech support. Best of all, Wrike has a built-in live chat function that allows you to contact the help center right in the software should you run into a problem.

There's also a question-and-answer portal that functions much like a search engine. Users can plug in key terms, such as "Gantt chart," and Wrike will return with a number of materials that match the query. In addition to this search engine functionality, Wrike maintains a community of users and forums on the company website. Most questions have already been asked and answered there, but if you find yourself with a unique problem, there's a good chance someone else has experienced it as well. There's also a place to share best practices with other users as you discover the best ways to leverage Wrike for your team.

Wrike's free edition is missing a lot of key features that many teams would find essential to a project management solution. The lack of Gantt charts and dashboards, as well as no ability to create subtasks, might be seen as serious drawbacks to companies that use project management software regularly.

However, for those teams that just need something quick, simple, and easy to use, Wrike will meet your needs again and again, without limit on the number of projects you can create.

For that reason, we recommend Wrike for teams that need a simple, basic level of service for free that can get them moving on multiple projects quickly. Teams with more advanced needs should consider one of the paid services on our best picks page.

Editor's Note: Are you trying to choose a project management solution? If you're looking for information to help you choose the one that's right for you, use the questionnaire below to have Software Adviceprovide you with information from a variety of vendors for free:

Adam received his Bachelor's degree in Political Science and Journalism & Media Studies at Rutgers University. He worked for a local newspaper and freelanced for several publications after graduating college. He can be reached by email, or follow him on Twitter.

Read the rest here:
Wrike: Best Free Project Management Software - Business News Daily

PrecisionHawks new PrecisionMapper service allows UAV operators to stitch an unlimited number of photos, create maps without resolution limits and run algorithms to analyse- all for free!

PrecisionHawk, a commercial drone and data company, has opened access to its professional mapping and analytics software, PrecisionMapper, for free. By eliminating the cost barrier, operators have the flexibility to bring their own drone and consistently generate value from aerial information.

Drones have the potential to capture more high-resolution data than any other technology, but we believe that drones are being under-utilised because of the cost barriers around processing, analytics and storage, said PrecisionHawk CEO Michael Chasen. Users should be able to walk into any store, buy a drone and use that drone to generate business insights for free.

We believe that this move allows more innovation from more people, Chasen continued. PrecisionHawk has gained a lot from the advanced thinking of this community, and this is our way of giving back.

By providing this software for free, PrecisionHawk is giving operators of drones with visual cameras the capability to explore the financial value of aerial data in any industry and is encouraging further use and adoption of drone technology.

Operators can quickly and easily upload imagery collected from a drone to PrecisionMapper. Using GPS information embedded within images, the software automatically stitches together a complete map, viewable in both 2D and 3D. Free users of PrecisionMapper can create up to 60 surveys a year without resolution or export limits.

In addition, users can add ground control points and access free analysis tools for construction, agriculture, insurance, and energy including:

When professionals have the opportunity to get hands-on experience with PrecisionMapper, they will be able to better understand the power of aerial data and how it can be best incorporated into their existing businesses, said Chasen.

Continue reading here:
PrecisionHawk launches free software for UAV mapping - Spatial Source