Archive for the ‘NSA’ Category

Vinnie Liu Has a Mission: Keeping People Safe Online and Offline – DARKReading

Vinnie Liu was only 17 years old when he landed his first job at the National Security Agency (NSA). The year was 1999, and he worked on signals intelligence gathering.

It was a formidable but typical start for Liu, now Bishop Fox CEO and co-founder. The NSA was looking for promising high school graduates with proven fluency in hacking and programming languages. Liu, then an incoming computer science major with a psychology minor at the University of Pennsylvania, spent two years commuting from Philadelphia to the NSA satellite office in Baltimore. His first year was focused on red-team hacking and the second on specialized tool development.

"Working at the NSA really opened my eyes into how deep you can get, into how deep this rabbit hole can go," Liu says. "I had grown up with bulletin-board systems on the Internet. Cybersecurity wasn't even a term people used."

That's about all he will say about his work at the NSA, except that it involved nation-state actors. But the experience left a lasting imprint.

"It gave me a huge sense of being mission-driven," Liu says. "We're missionaries, not mercenaries. Our mission, fundamentally, is to keep people safe both online and offline."

That mission ultimately manifested itself as Bishop Fox, an offensive security firm whose team of hackers pretend to be villains. In other words, they try every possible way to penetrate a client's security defenses, including adversary simulations and purple teaming (red teaming while advising the client's blue team at the same time).

But for all the criminal cunning that Bishop Fox staff need to employ, Liu thinks of the company's work in medical terms. Bishop Fox, he says, is "the doctor's doctor."

"There are so many similarities between good health practice and security," he tells Dark Reading. "You don't just prescribe pills and that's it. You don't eat healthy and exercise once and that's it."

This approach is a view into the two personal qualities underlying Liu's success: his sense of purpose (missionaries, not mercenaries) and his palpable scorn for complacency. Liu's brand of optimism is hard, even austere.

"People in the industry have too pessimistic a view," he says. "I don't even like the joke, 'It's not if you get hacked, but when.' Our whole philosophy is defending forward."

Career Path

Like many successful tech firms, Bishop Fox has humble origins: the living room of a bachelor pad.

Liu had graduated from Penn in 2003, having focused on network security and adaptive intrusion detection services. He then joined Ernst & Young as a security consultant, performing penetration testing for Fortune 500 clients. Liu calls Ernst & Young's Advanced Security Center "a kind of NSA for the private sector."

Working with Liu at Ernst & Young was Francis Brown, now on Bishop Fox's board. Brown and Liu had lived on the same hall as freshmen at Penn, and both studied computer science. They were the only first-year students in their program who did not drop out within the year, Liu says. The two friends lived as housemates in Arizona, where "as long as we could afford pizza and Internet, we were good to go."

Honeywell would eventually poach both men from Ernst & Young; Liu would lead Honeywell's global penetration testing team, plus the teams of Honeywell's various subsidiaries. The chance to build up Honeywell's team was an exciting prospect, but it turned out to be a limited opportunity: Once the team was built, the slower pace of work left Liu (and Brown) restless. Liu had outgrown the role; by 2005 he was speaking at conferences like Black Hat on anti-forensics, the techniques used to evade and defeat forensic tools, a skill he had been developing since his teens. Both Liu and Brown started moonlighting as independent security professionals.

Then one day, in 2006, Liu, Brown, and a third contributor sat in the living room and toyed with the idea of launching a security services startup.

"We said, 'Why not?'" Liu remembers. "We were really enjoying this."

"From 2006 to 2009, we were a lifestyle company," says Liu, meaning that the company was still something of a hobby for them. In 2009 they switched to a professional mindset, and Bishop Fox was born. Liu and his partners set about recruiting the best talent they could find and attracting bigger and bigger-name clients. Their revenue rose, despite launching during the Great Recession.

It was also the Titan Rain era, when a string of attacks believed to be the work of Chinese state-sponsored actors compromised a number of government agencies in the United States and United Kingdom, and companies and government agencies were beginning to realize how vulnerable they really were. Binary analysis and incident-response forensics were suddenly in high demand. Liu was one of only a few hundred people in the United States who had any experience with both of these functions, and most of his peers had only worked with disk forensics.

"We sucked at it back then!" he laughs. "Everyone did. We were playing catch-up with the people writing the viruses."

Fast-Forward to Now

These days Bishop Fox offers various assessment services, including the comprehensive "4+1" methodology, in which several assessments and simulations are built around a central tabletop exercise. But all of the company's services involve continuous work with a client's developers, architects, and teams, rather than the waterfall style of performing one test here and another test there. Sometimes an assessment alone can take two months to complete.

"This is not a 'let me just kick the tires' kind of scan," Liu says. "We look at code. We look at business logic issues. We like to find the hard problems, we always exploit, and we're going to chase it down all the way."

Liu doesn't let clients rest on their brand-new tools or infrastructure either. "You've got to get the basics right," he says. "We teach them how to take a punch and keep going."

Twelve years on from the company's 2009 founding, the threats have grown, attackers have become more sophisticated, and defenders are changing how they approach security. Liu has observed security teams shift away from compliance-driven security and toward ongoing security operations embedded in development.

What does that mean for Bishop Fox?

"We've been very discreet," says Liu. "I think it's time to come out of our shell. We've done good work with big name clients. It's time to go out into the world and talk, to bring good work to more people."

The landscape may have changed, but Liu's mission hasn't: keeping people safe, online and off.

PERSONALITY BYTES

What is Vinnie Liu's greatest success? "This sounds terrible, but I'm really proud of the people who have come through Bishop Fox. Some of our alumni have become CISOs at publicly traded companies. Recruiters will just hang up if they hear you work at Bishop Fox [because they know how hard it is to hire people away]."

One thing his colleagues would never guess about him? "I dance goofy, I sing loudly, roll on the ground, make faces. I'll do anything to make my kids laugh and smile."

His dream job if he worked in a different industry? "Definitely something where I make things with my hands: food for people, construction, etc."

Favorite thing to do in his spare time? "My pandemic skill has been failing to grow things in my garden. The universe has somehow blighted the 32 square feet of backyard where my garden lies."

Favorite book? "I'm a huge sci-fi/fantasy book nerd. The more space battles, wizards, and aliens, the better."


Federal judge: OPD Instagram case ‘spotlighted a number of troubling problems’ – The Oaklandside

Mayor Libby Schaaf, Chief LeRonne Armstrong and members of OPD's command staff appeared before federal Judge William Orrick on Wednesday afternoon, the first hearing after the release of an outside law firm's investigation into last year's Instagram scandal.

Orrick commended OPD leadership for making strides toward court-mandated reforms during a challenging and violent year that included 134 homicides, the highest number in over a decade. Despite the progress, Orrick said the police department is not yet ready to begin a transition period that would lead to the conclusion of the nearly two-decade-long federal court oversight.

The reform effort, known as the Negotiated Settlement Agreement (NSA), dates back to 2003 and stems from a civil rights lawsuit alleging that a group of officers known as the Riders beat and planted drugs on West Oakland residents. Under the settlement's terms, the police department was placed under the supervision of a federal judge and an independent monitor. The oversight was later expanded to include a compliance director. Robert Warshaw, a retired Rochester, N.Y. police chief, currently serves as both monitor and compliance director and reports to Judge Orrick.

The Oaklandside listened in on Wednesday's hearing, held via Zoom. Here are some of the major takeaways.

Of the 52 tasks identified in the NSA, OPD remains out of full compliance with five: how the department investigates use of force by officers, whether discipline is consistently and fairly applied against OPD employees who violate city rules, how OPD collects and uses data to reduce racial disparities in traffic stops, whether internal affairs investigations are finished within the required timeframe, and whether OPD is properly handling internal affairs complaints.

Orrick also singled out ongoing failures by officers to activate their body-worn cameras. A November report issued by monitor Warshaw found 15 instances, in a review of 69 use-of-force cases, where officers did not properly activate their body-worn cameras, including outright failures to activate, delays in activation, and other problems.

The judge was particularly concerned with the findings of an outside law firm, which investigated an Instagram account that spread anti-police-reform, misogynist, and racist content and was viewed by current OPD officers. San Francisco-based law firm Clarence Dyer & Cohen LLP, in a 23-page report, concluded that the Oakland Police Department, at all levels, took much too long to recognize the bigoted and corrosive nature of the Instagram posts. The account, @crimereductionteam, was run by a former Oakland police officer who had been fired over a 2018 fatal police shooting. In all, nine officers were disciplined in connection with the internal affairs case.

"The Instagram investigation spotlighted a number of troubling problems. The one that concerns me the most was the failure of leadership of the department to recognize the corrosive impact of that account and how it undermined everything that the NSA was intended to accomplish," Orrick said.

Mayor Schaaf did not hold back when addressing the social media account. Schaaf said the account's content "literally vomited on all the values Oakland holds dear."

"Everyone on this call felt the heat of my wrath when that ungodly, embarrassing, horrific Instagram account was discovered," Schaaf told the judge. "I appreciated that no one made excuses even though it was a chaotic time in our city."

The outside investigators recommended that OPD create a social media policy and rules for using personal devices (phones, tablets, etc.) for work. The report also advised the city to build on its existing anti-discrimination policy. Orrick called on OPD to swiftly implement those recommendations.

Orrick commended OPD for conducting comprehensive use-of-force investigations and for reducing racial disparities in traffic stops. The total number of stops carried out by OPD officers has decreased dramatically over the past several years. However, Black people continue to be stopped at higher rates than other racial groups, and stops of Latinos recently increased by 5%.

The judge also praised Armstrong and the OPD command staff for the diversity of police recruits in recent academies, though he said he would like to see more women in the training programs.

"OPD is justified to be very proud of these accomplishments, which are core to the NSA," Orrick said. "I recognize that given the detail in the NSA, it's hard to ensure each part is always in compliance."

Among the 39 trainees in the department's 187th Police Academy, which just got underway, are 7 women and 32 men. According to OPD, 12 are Oakland residents, and 15 are Hispanic, 11 Black, 4 Asian, 3 white, and 6 identify as some other racial group, making it one of the most diverse academies in OPD's history.

The progress came despite a challenging two years combating violent crime on city streets amid a global pandemic. Oakland recorded 109 homicides in 2020 and 134 in 2021, the highest number of killings since 2006. Mayor Schaaf told Orrick that OPD's ranks have also dropped to their lowest level in a decade: 676 officers.

While Orrick acknowledged the challenging times, he said, "I don't see any of that as excuses or reasons to set aside the NSA or the prior orders of the court."

Attorneys Jim Chanin and John Burris, who represent the mostly Black Oakland residents whose lawsuit led to the NSA, had asked the court last year to consider winding down the oversight program, given the accomplishments made under Armstrong. But the Instagram case, the attorneys wrote in a court brief filed in December, showed there are still officers who are hostile to reform.

"I think the fact that we had a scandal like this in 2021, over 20 years after this case started, is depressing," Chanin told the court. "I sometimes wonder if (an Oaklandside reporter) had not discovered the memes, if they would ever have become public. I wonder why this case wasn't referred to internal affairs when nearly every member of OPD had been tipped off via email."

Chanin and Burris said that in order to begin the one-year sustainability period (after OPD shows it can maintain compliance with all 52 tasks for a year, the NSA can be ended), the department needs to finalize its risk management and social media policies, in addition to completing the remaining tasks. The attorneys would like to see the sustainability period begin sometime this year.

"The current command staff has an opportunity to push OPD over the goal line and attain compliance with the NSA," the attorneys wrote in their court brief. "If they succeed, and the Department succeeds, the personnel who are responsible for this success will be remembered long after the NSA is over. OPD should seize this opportunity to be remembered by current and future residents of Oakland as having accomplished something that has eluded a long line of its predecessors."

The next hearing before Orrick is scheduled for late April. The judge asked that OPD, the city and the plaintiffs' attorneys come prepared to address cultural issues within the department and what they think the court's oversight should look like moving forward.

"I'm going to assume that all of the structures of the NSA will have been in place and complied with," said Orrick. "I want to know how the court can be helpful to assure the permanence of the impressive accomplishments made thus far and the ultimate substantial compliance with the NSA."


CISA, FBI and NSA issue joint advisory on Log4j with international security agencies – SC Magazine

Major government security agencies around the world have issued a joint advisory on the Apache Log4j vulnerability that offers technical details, mitigations and resources for what top security officials are calling one of the most severe vulnerabilities ever discovered.

The agencies taking the lead in the United States include the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI. Other nations involved include Australia, Canada, New Zealand, and the United Kingdom.

The joint advisory is a response to the active, worldwide exploitation, by numerous threat actors (including two ransomware groups thus far), of vulnerabilities found in the widely used Java-based logging package Log4j. The security world has been on edge since the Log4j vulnerability was first reported publicly last week. The first reported attack on a government agency came earlier this week, when the email servers of Belgium's Ministry of Defense went down.

"Log4j vulnerabilities present a severe and ongoing threat to organizations and governments around the world," said CISA Director Jen Easterly. "We implore all entities to take immediate action to implement the latest mitigation guidance to protect their networks. CISA is working shoulder-to-shoulder with our interagency, private sector, and international partners to understand the severe risks associated with Log4j vulnerabilities and provide actionable information for all organizations to promptly implement appropriate mitigations."

FBI Cyber Division Assistant Director Bryan Vorndran urged any organization affected by the Log4j vulnerability to apply all the mitigations recommended by CISA and to visit fbi.gov/log4j to report details of any suspected compromise.

CISA has created a dedicated Log4j webpage to serve as an authoritative, up-to-date source of mitigation guidance and resources for network defenders, along with a community-sourced GitHub repository of affected devices and services. Organizational leaders should also review the blog post by the UK's National Cyber Security Centre, "Log4j vulnerability: what should boards be asking?", for information on Log4Shell's possible impact on their organization as well as response recommendations.

CISA also announced in a tweet today that #HackDHS, the Department of Homeland Security's bug bounty program, has been expanded to find and patch Log4j-related vulnerabilities in DHS systems. Easterly said the hacker community plays a strong role in keeping the government safe, and that CISA looks forward to working more closely with it.


Agra: 10 held in connection with attack on Seva Bharati office; NSA invoked against accused – India Today

Following the incident, the BJP workers raised slogans outside the Lohamandi Police station, demanding the arrest of all accused. (Image: India Today)

Ten people have been arrested in connection with an attack on the Seva Bharati office in Agra's Motikunj on Sunday night. The police are also trying to identify other miscreants who were reportedly involved in the attack.

The incident took place on December 26, when some youths, reportedly under the influence of alcohol, created a ruckus near the Seva Bharati office in Agra. When they were asked to stop, the youths started pelting the office with stones.

The police reached the spot soon after getting information about the incident and a case was registered.


BJP MLA Yogendra Upadhyay, along with supporters, also reached the spot and demanded the arrest of the youths involved. The BJP workers created a ruckus for hours at the Lohamandi Police station. They raised slogans and demanded the arrest of all accused.

Senior Superintendent of Police Sudhir Kumar Singh pacified the matter and assured that strict action would be taken.

Speaking to India Today, Sudhir Kumar Singh said that action is being taken against the accused under the Gangster Act and the National Security Act (NSA). He said that five workers, including office in-charge Shivam, were injured in the attack by antisocial elements on the Seva Bharati office in Moti Kunj the previous night, following which a case was registered against two known and 40-50 unidentified assailants.

Shivam and Vikas, who sustained injuries in the attack, reside in the Seva Bharati office. Both are residents of Fatehabad.

Sami Aghai, president of the Bharatiya Muslim Development Council, said that no culprit should be spared, but innocents should not be harassed. Aghai claimed that some people are unnecessarily trying to pollute the environment and appealed to the administrative officers to keep an eye on such elements and take strict action.




Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers – The Hacker News

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.

DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the framework, among other tools, in a dispatch titled "Lost in Translation." Also included in the leak was EternalBlue, an exploit developed by the U.S. National Security Agency (NSA) that later enabled threat actors to carry out the NotPetya ransomware attack against unpatched Windows computers.

DanderSpritz is a modular, stealthy, and fully functional framework that relies on dozens of plugins for post-exploitation activities on Windows and Linux hosts. DoubleFeature is one of them, functioning as a "diagnostic tool for victim machines carrying DanderSpritz," researchers from Check Point said in a new report published Monday.

"DoubleFeature could be used as a sort of Rosetta Stone for better understanding DanderSpritz modules, and systems compromised by them," the Israeli cybersecurity firm added. "It's an incident response team's pipe dream."

Designed to maintain a log of the types of tools deployed on a target machine, DoubleFeature is a Python-based dashboard that also doubles as a reporting utility, exfiltrating the logged information from the infected machine to an attacker-controlled server. The output is interpreted using a specialized executable named "DoubleFeatureReader.exe."

Some of the plugins monitored by DoubleFeature include the remote access tools UnitedRake (aka EquationDrug) and PeddleCheap, a stealthy data exfiltration backdoor dubbed StraitBizarre, an espionage platform called KillSuit (aka GrayFish), a persistence toolset named DiveBar, a covert network access driver called FlewAvenue, and a validator implant named MistyVeal that verifies that the compromised system is indeed an authentic victim machine and not a research environment.

"Sometimes, the world of high-tier APT tools and the world of ordinary malware can seem like two parallel universes," the researchers said. "Nation-state actors tend to [maintain] clandestine, gigantic codebases, sporting a huge gamut of features that have been cultivated over decades due to practical need. It turns out we too are still slowly chewing on the 4-year-old leak that revealed DanderSpritz to us, and gaining new insights."
