Items tagged with cybersecurity

In what is being billed as one of the largest data leaks recorded in the United States, an analytics firm contracted by the Republican National Committee (RNC) was found to have exposed the personal details and political biases of nearly 200 million Americans. According to Chris Vickery, a risk analyst for cybersecurity firm UpGuard, the information was left exposed on the internet due to a “misconfigured database” using Amazon Web Services for server storage. The firm responsible for this serious lapse in security was Deep Root Analytics. Over 1.1 terabytes of data was made publicly available... Read more...
Do we need a “digital” Geneva Convention? Microsoft certainly thinks so. The corporation’s Chief Legal Officer Brad Smith recently argued that a digital Geneva Convention would potentially be able to protect civilians from state-sponsored cyber-warfare. First, what is the Geneva Convention? The Geneva Convention is comprised of four treaties and three protocols that outline the international law for humanitarian treatment in war. One of the main purposes of the Geneva Convention is to protect civilians, soldiers incapable of fighting, and prisoners of war.Smith noted that 74 percent of businesses... Read more...
What do you collect? Rare stamps? Falcons fans’ tears? How about classified national defense documents? Former National Security Agency (NSA) contractor Harold Thomas Martin III was recently indicted by a federal grand jury on the charge that he purposely collected classified information regarding national defense. He faces twenty criminal accounts, each punishable by up to 10 years in prison. Rod J. Rosenstein, the United States attorney for Maryland, remarked, “The indictment alleges that for as long as two decades, Harold Martin flagrantly abused the trust placed in him by the government by... Read more...
The White House recently appointed Gregory Touhill, a retired U.S. Air Force brigadier general, as the government’s first federal cyber security chief. The position was announced eight months ago as an attempt prevent and defend against hackers. The position is part of a $19 billion “cyber security national action plan”. Touhill will be responsible for creating and implementing new cyber security plans as well as conducting audits. He will report to Tony Scott, the federal chief information officer and former executive at business software company VMware. Touhill could potentially be replaced when... Read more...
If you have an iPhone, there's a chance that nefarious parties not affiliated with Apple could be tracking you. However, Apple’s latest update, iOS 9.3.5, eliminates several critical security and privacy exploits and should [hopefully] keep you safe. NSO Group, an Israeli startup that sells software that can track mobile phones, was responsible for the intrusion. Its software can read text messages and emails, track calls and contacts, record sounds, collect passwords, and physically locate the mobile phone user. NSO Group executives have boasted that its spyware functions like a “ghost” and... Read more...
Azure customers are getting a welcomed safety upgrade. Microsoft announced Azure Information Protection, a service that works to secure a company’s data, particularly employee identities. This service was made possible through Microsoft's acquisition in November of Secure Islands, an “innovator in advanced information protection solutions”. Microsoft CEO Satya Nadella in Washington D.C. announcing cybersecurity plans in November 2015 In November, Microsoft demonstrated how Windows 10, Office 365, Microsoft Azure, and Microsoft Enterprise Mobility Suite work in tandem to protect against password... Read more...
Last month, US and Chinese governments agreed to a "digital truce", where neither country would knowingly support cyberattacks against each other to steal commercial secrets. While the agreement is solid overall, it does have a number of caveats, including the lack of protection where government secrets are concerned. Nonetheless, based on the findings of security research firm CrowdStrike, it seems like this agreement could be considered pointless. Since the agreement took place, CrowdStrike monitored seven different instances where Chinese-based hackers tried to penetrate U.S. businesses. Five... Read more...
As the years pass, our lives continue to become intertwined even more with the Internet. Today, the Internet acts as a backbone to critical infrastructure, and much like the risk of someone exploiting a flaw to break into our home PC, a real risk exists that enemies of the government could break into and cause harm to utilities. It's for that reason that all governments are overdue on penning up agreements with friendly countries to lessen the chance of a cyberattack. Nonetheless, it's being reported that President Obama is going to be taking some important steps in this when... Read more...
In line with a HotHardware report published last October, officials yesterday confirmed to CNN that the White House was hacked last year and that the alleged culprit is the Russian government. The hackers — believed to be the same group that managed to gain entry to State Department computer system last October — were able to access sensitive information regarding President Barack Obama, including his private schedule. White House officials say although these cyber-attacks are among the most advanced to ever hit the US government, no classified systems were in breach. “This report is not referring... Read more...
U.S. President Barack Obama is getting a little hot under the collar, and we’re not talking about the speech that Israeli Prime Minister Benjamin Netanyahu gave this morning. Instead, President Obama is troubled over new regulations that are being proposed by the Chinese government, which would affect American tech companies that conduct business within China’s borders. President Obama is fearful that China’s plans — which include allowing the Chinese government to install security backdoors, requiring companies to hand over encryption keys, and keeping user data on Chinese soil — are an assault... Read more...
When engaged in war, it's of utmost importance to keep plans and secrets secure. On the other side of the coin, it's likewise important to do what you can to gather intelligence on the opposition -- something quite difficult given the obvious fact that the opposition is also doing its best to keep its secrets, secret. But lest we forget that there are sometimes much easier ways to get information you need. Sometimes it can involve social engineering of the most modest levels, because after all, the bearers of this important information are still human. Hackers targeting the Syrian opposition (an... Read more...
Sometimes, it just makes sense to go open source. We've seen Microsoft do it, and we've seen Google do it. Now, we see none other than the US Department of Defense do it, with DShell, a network foresnics tool. It's an impressive thing to see the DoD release a home-built tool to the wild, but like most moves to open source, the agency has reached a ceiling and now welcomes improvements from outside sources. Whenever the DoD gets hit by a cyber attack, DShell is brought in to analyze the what and where of it. It seems certain that an agency like the DoD would see some unique attacks, but for the... Read more...
It should strike no one as a surprise at this point that the US and China have a bit of a strained relationship when it comes to trust. Both have accused each other of cyber offenses, and likewise, neither has much faith in the products it sources from the other. Post-Snowden, the situation has only become worse. That leads us to this point, where China is demanding that American companies that sell software products to Chinese banks must hand over their source code to be reviewed. And, it gets even better. China also wants these same companies to begin using Beijing-sanctioned algorithms in lieu... Read more...
Most of the time, when we hear about data breaches, it's because companies have either been compromised or failed to properly protect data. This time around, however, it's the United Postal Service in the limelight. Data on as many as 800,000 employees may have been stolen along with data on customers who called the USPS' various call centers between January and August of this year. USPS spokesperson David Partenheimer told Reuters that "The intrusion is limited in scope and all operations of the Postal Service are functioning normally." What appears to set this attack apart from most other intrusions... Read more...
1 2 Next