How DJI fumbled its bug bounty program and created a PR nightmare

A software vulnerability disclosure program recently launched by popular drone maker DJI has turned into a messy public relations battle pitting several security researchers against the growing Chinese technology firm. After DJI launched its bug bounty program, two researchers, Sean Malia and Kevin Finisterre, publicly disclosed vulnerabilities in DJI products. The revelations resulted in the company challenging each researcher’s findings and seemingly threatening one with a lawsuit tied to the Computer Fraud and Abuse Act. For researchers who have been poking and prodding DJI’s digital properties and products for about three months, Malia’s and Finisterre’s stories strike a familiar tone. Several researchers who approached DJI with information about evident vulnerabilities say the outcome has been less than satisfactory. DJI disputes aspects of some of these accounts, but experts say the firm has gone too far. “Many companies mistake a bug bounty program for a penetration test, in which the […]

The post How DJI fumbled its bug bounty program and created a PR nightmare appeared first on Cyberscoop.

Top secret Army, NSA data found on public internet due to misconfigured AWS server

A misconfigured Amazon Web Services server operated by the U.S. Army’s Intelligence and Security Command (INSCOM) was publicly available on the open internet, according to findings by UpGuard researcher Chris Vickery. The hard drive image, which included classified material belonging to the National Security Agency, was stored on an unprotected, unlisted server and contained information about an outdated Army intelligence-sharing project codenamed “Red Disk.” Red Disk was a defunct project previously spearheaded by INSCOM to improve one of the Army’s legacy platforms, the Distributed Common Ground System (DCGS). Red Disk was meant to act as a customizable cloud system for soldiers and other operators in the field to access, organize and share active reports on military activities, including information-gathering efforts. The publicly accessible files provide an overview of how Red Disk functioned and could have been deployed. Other confidential information stored on the disk image included a […]

The post Top secret Army, NSA data found on public internet due to misconfigured AWS server appeared first on Cyberscoop.

DOJ reveals indictment against Chinese cyber spies that stole U.S. business secrets

A group of Chinese hackers recently indicted by the Department of Justice were involved in an international cyber espionage operation connected to a foreign intelligence agency, security researchers tell CyberScoop. On Monday, senior Justice Department officials announced eight criminal charges against the Chinese hackers. Although the indictment was originally issued in September, it was sealed until Monday. The criminal activity allegedly dates as far back as 2011. Court documents allege that Chinese nationals Wu Yingzhuo, Dong Hao and Xia Lei hacked into and stole data from several American companies, including Siemens AG, Moody’s Analytics and GPS technology company Trimble. The trio worked together at a company named Boyusec, also known as the Guangzhou Bo Yu Information Technology Co. Business registration records show that Wu and Dong are executives at Boyusec. Conservative news outlet The Washington Free Beacon reported in November 2016 that Boyusec, which it described as a Chinese cybersecurity firm, […]

The post DOJ reveals indictment against Chinese cyber spies that stole U.S. business secrets appeared first on Cyberscoop.

Lawmakers demand answers from Uber after massive data breach

Five U.S. senators sent letters to Uber on Monday, pressing the company’s leadership for information on a data breach affecting millions of its customers and the subsequent attempt to cover up the incident. The breach, which took place in October 2016, gave the hackers the names and driver’s license numbers of roughly 600,000 drivers as well as the personal phone numbers and email addresses of 57 million riders. Instead of disclosing the breach, Uber paid the hackers $100,000 and asked them to delete the stolen data. A letter co-authored by Sens. John Thune, R-S.D., Orrin Hatch, R-Utah, Jerry Moran, R-Kan., and Bill Cassidy, R-La., presented a series of questions to Uber’s CEO, Dara Khosrowshahi, regarding the company’s past conduct and its plans to protect user data in the future. “Our goal is to understand what steps Uber has taken to investigate what occurred, restore and maintain the […]

The post Lawmakers demand answers from Uber after massive data breach appeared first on Cyberscoop.

McAfee acquires Skyhigh Networks to expand offerings after Intel split

California-based cybersecurity giant McAfee announced plans Monday to acquire Skyhigh Networks, a cloud security firm, in order to expand the company’s offerings as it looks to establish itself once again as a standalone brand. The purchase comes less than eight months after McAfee was spun out of technology behemoth Intel. “Skyhigh’s leadership in cloud security, combined with McAfee’s security portfolio strength, will set the company apart in helping organizations operate freely and securely to reach their full potential,” stated McAfee CEO Chris Young. The deal represents McAfee’s first foray into the cloud access security broker (CASB) market segment, which has seen multiple company acquisitions in the last year. In practice, CASB technology is commonly used by customers to ensure that they are compliant with insurance guidelines as well as federal, state and local rules concerning security measures for customer data storage. Other competing cloud access security brokers include […]

The post McAfee acquires Skyhigh Networks to expand offerings after Intel split appeared first on Cyberscoop.

Army must empower next generation to succeed in cyber, senior official says

For the armed forces to succeed in cyberspace, the military must avoid “groupthink” by exploring new approaches and empowering junior service members, a senior U.S. Army official says. Quickly developing the Army’s cyber capabilities requires that leadership consider unique options while also adjusting for a different culture brought in by recruits who are inherently digitally savvy, according to Col. Chris Wade, director of the Army’s Task Force Cyber Strong. The program is designed to quickly develop and improve the military’s ability to defend against and launch cyberattacks. “What we want to avoid in the Army is that ‘groupthink,’” Wade said Thursday at the Red Hat Government Symposium presented by FedScoop. “That’s challenging for us as leaders … we got to embrace what’s going on … giving power to the lowest levels so that guys can think through problems and rapidly react.” Wade, who serves in the Army’s Office of the Deputy Chief […]

The post Army must empower next generation to succeed in cyber, senior official says appeared first on Cyberscoop.

Huawei tried to acquire technology from the winners of the Cyber Grand Challenge

After seven supercomputers hacked each other on stage at a prominent cybersecurity conference in Las Vegas in August 2016, a Chinese corporation approached U.S. researchers responsible for developing the cutting-edge technology in hopes of acquiring it. The previously unreported but concentrated interest by Huawei Technologies, a company once at the center of a federal investigation and which has come under scrutiny by U.S. spy agencies, came in the form of phone calls and emails sent to select individuals involved in engineering machines that competed in the 2016 DARPA Cyber Grand Challenge. ForAllSecure, the company whose team won the challenge, was among those contacted by a representative claiming to be from Huawei. ForAllSecure ignored the advances, according to company CEO David Brumley. The decision was partially driven by a common understanding that Huawei is closely connected to the Chinese government and as such, a relationship with Huawei may negatively impact ForAllSecure’s ability to […]

The post Huawei tried to acquire technology from the winners of the Cyber Grand Challenge appeared first on Cyberscoop.

Russian hackers used NYC terror attack news to lure targets into loading malware

Security researchers recently discovered a notable spear-phishing email campaign that used a peculiar, albeit increasingly popular, intrusion technique hidden inside a message concerning a terrorist attack in New York City. The operation appears to have been conducted, according to U.S. cybersecurity firm McAfee, by an infamous group of Russian hackers widely known as APT28 or Fancy Bear. The group is best known for breaching the Democratic National Committee in the run-up to the 2016 U.S. presidential election. The malicious emails designed by APT28 may have recently been sent to military personnel located in Germany and France, based on other associated campaigns that were similarly linked to the Russian hackers, explained Ryan Sherstobitoff, a senior analyst with McAfee’s advanced threat research team. “Based on the telemetry we captured, we have observed targets in Europe, specifically France and Germany,” Sherstobitoff said. “The document theme from the previous related campaign has […]

The post Russian hackers used NYC terror attack news to lure targets into loading malware appeared first on Cyberscoop.

More than two years after historic breach, OPM continues to struggle with cybersecurity

The Office of Personnel Management continues to struggle with cybersecurity more than two years after the agency first publicly acknowledged it was breached due to poor security practices, according to a newly released Office of the Inspector General report. The report, which focuses on the state of systems during fiscal year 2017, concludes that while OPM has “made improvements in its Security Assessment and Authorization (Authorization) program,” inspectors were nonetheless able to find a “significant deficiency in OPM’s information security management structure.” This translated to a poor overall cybersecurity score, as defined by the National Institute of Standards and Technology, of two out of five for OPM. The score from the OIG is meant to define the “maturity” level of an organization’s information systems security. This lackluster rating is due in large part to the agency’s inaction on prior security recommendations referenced in other audits. “OPM is not […]

The post More than two years after historic breach, OPM continues to struggle with cybersecurity appeared first on Cyberscoop.

Chinese hackers starting to return focus to U.S. corporations

Security researchers recently found a hacking group with suspected ties to the Chinese government engaged in what appears to be corporate espionage against multiple U.S. companies. The findings underscore an emerging, albeit opaque, trend in which hackers linked to Beijing are conducting cyber-enabled economic espionage, despite the Chinese Communist Party agreeing to stop such activity against the U.S. as part of a 2015 agreement between Chinese President Xi Jinping and U.S. President Barack Obama. Experts say the 2015 truce resulted in a noticeable downturn in economic espionage. But there are signs the agreement may be deteriorating under the Trump administration. According to recent research by multinational services giant PwC, a hacking group known as “KeyBoy” has returned to the fold with a data theft campaign aimed primarily at Western organizations. The operation, PwC Threat Intelligence Analyst Bart Parys told CyberScoop, shows the continued technical development of a previously reported group that has apparently […]

The post Chinese hackers starting to return focus to U.S. corporations appeared first on Cyberscoop.
