Facebook announces ‘security issue’ affecting nearly 50 million users

Facebook announced Friday it has discovered a security incident affecting almost 50 million accounts.
The social media giant discovered the breach earlier this week, when its engineering team discovered a vulnerability in Facebook’s code that impacted …

Uber to pay $148 million to states for 2016 data breach

Ride-hailing company Uber will pay $148 million across all 50 states and Washington, D.C., as part of a settlement stemming from a data breach that revealed sensitive information on 57 million of the company’s users. The breach took place in October 2016 and revealed names, email addresses, phone numbers and U.S. driver’s license numbers. The company paid the hackers $100,000 to stay quiet and delete the data. Several attorneys general released statements after the settlement was announced, with each state getting a varying amount. “Uber completely disregarded Illinois’ breach notification law when it waited more than a year to alert people to a serious data breach,” said Illinois Attorney General Lisa Madigan. “While Uber is now taking the appropriate steps to protect the data of its drivers in Illinois and across the country, the company’s initial response was unacceptable. Companies cannot hide when they break the law.” “Uber violated Pennsylvania law by failing to […]

The post Uber to pay $148 million to states for 2016 data breach appeared first on Cyberscoop.

Former NSA employee sentenced to 66 months for taking home classified info

Former National Security Agency employee Nghia H. Pho was sentenced to 66 months in prison Tuesday for taking home highly classified NSA hacking tools between 2010 and 2015, some of which were later released to the public. Pho pleaded guilty in December to one count of removal and retention of national defense information. The government was seeking a sentence of 96 months. Pho appeared Tuesday in U.S. District Court for the District of Maryland for the sentencing. The case marks the third instance in the past three years in which an NSA employee or contractor has been charged with mishandling classified information. In October 2016, it was revealed that an NSA contractor, Harold Martin, had approximately 50 terabytes worth of classified data in his Maryland home. It was reported in January that Martin would plead guilty, but no plea has been entered. Another contractor, Reality Winner, was arrested after leaking a classified […]

Equifax fined maximum penalty under 1998 UK data protection law

Credit monitoring giant Equifax has been hit with the maximum penalty from the UK’s data protection agency for its actions related to the company’s massive data breach. The U.K. Information Commissioner’s Office issued a fine of £500,000 (about $664,000) for failure to protect information tied to 15 million U.K. residents. Equifax announced in October 2017 that along with the 145 million U.S. residents impacted by the breach, a file containing 15.2 million records on U.K. citizens was also “attacked.” That number included over 693,000 U.K. residents who had their email address, phone number, driver’s license number or username and password combination stolen. The fine ties back to the U.K. Data Protection Act of 1998, a law that has been superseded by the European Union’s General Data Protection Regulation (GDPR). The Equifax breach occurred prior to GDPR’s activation. The fines under GDPR would be far larger. Under the new law, companies […]

Magecart strikes again, this time at electronics retailer Newegg

Code has been discovered siphoning credit card numbers from consumer technology retail website Newegg, according to security researchers from two cybersecurity companies. In reports published Wednesday by RiskIQ and Volexity, researchers discovered instances of code linked to the operators of Magecart, a group that has been behind a slew of recent, high-profile credit card number breaches. Thieves have been siphoning credit card data since Aug. 14, when a piece of JavaScript was inserted into Newegg’s payment sites. That code pulled credit card numbers and sent them to a site with a similar URL — neweggstats[.]com. According to Volexity, the code wasn’t removed from the Newegg payment site until Tuesday. Newegg is an extremely popular retailer, ranking 161 on Alexa’s list of top websites in the U.S. According to SimilarWeb, the site receives 50 million visitors a month. “Over an entire month of skimming, we can assume this attack claimed a […]

Deterrence or waste of time? Experts at odds over DOJ’s actions on North Korea

In the wake of the Department of Justice charging a North Korean computer programmer with crimes related to various cybersecurity cases, one thing seems to be agreed upon: The chances of Park Jin Hyok seeing an American courtroom are slim. However, there seems to be a rift among legal and cybersecurity experts over the way the U.S. government handled the recent complaint against the hacking unit known as Lazarus Group. Those who spoke to CyberScoop are at odds over whether the complaint shed too much light into the government’s attribution process, giving North Korean hackers the ability to fix any glaring holes and improve their offensive capabilities. “I think it’s a total waste of money,” said Blake Darché, a former NSA analyst. “It does nothing to deter the cyberthreat and makes it look like the United States can’t even bring the people to justice that we charged.” In the complaint, the U.S. […]

FBI loses another cybersecurity expert to private sector

Another cybersecurity expert at the FBI is headed for the private sector. Trent Teyema, the FBI’s section chief for cyber readiness and chief operating officer of the bureau’s Cyber Division, has been named senior vice president and chief technology officer for the government-focused wing of Parsons Corporation. The move comes as a number of cybersecurity experts at the bureau have left their positions over recent months. In July, the Wall Street Journal reported that a number of top-ranking cybersecurity officials were leaving for various roles in the private sector. The FBI’s cyber readiness team works to educate enterprises on various cyberthreats and coordinate information-sharing initiatives. During his time at the bureau, Teyema helped establish the FBI’s National Cyber Investigative Joint Task Force, which is responsible for investigating cyberthreats that pose the most harm to the country. Teyema also spent time as the director of cybersecurity policy at the National Security Council from […]

Senators want answers on State Department’s glaring cybersecurity gaps

The State Department must do more to shore up its cybersecurity posture, according to a bipartisan group of senators. The department is woefully behind on hitting various federal cybersecurity benchmarks, and it is weak on basic measures to protect against phishing, hacks and other cyberattacks, wrote Ron Wyden, D-Ore., Cory Gardner, R-Colo., Ed Markey, D-Mass., Rand Paul, R-Ky., and Jeanne Shaheen, D-N.H., in a letter to Secretary Mike Pompeo. The letter cites two recent reports: The department’s inspector general found last year that 33 percent of diplomatic missions failed to conduct even the most basic cyberthreat management practices, like regular reviews and audits. Also, the General Services Administration found that the department has only instituted enhanced access controls on 11 percent of agency devices. The Federal Cybersecurity Enhancement Act requires agencies to enable multi-factor authentication (MFA) for elevated privileged accounts. “We urge you to improve compliance by enabling more secure authentication mechanisms across […]

Sysdig raises $68.5 million for container security solutions

San Francisco-based Sysdig announced a $68.5 million Series D funding round Wednesday, doubling the amount of money the company has previously raised for its container monitoring and security offerings. Launched in 2013, the company specializes in platforms that help developers handle vulnerability management, more than 200 compliance checks, and security analytics in containers and microservices used in enterprises. Containers have been a big deal in the application development world for a while. The popular infrastructure tech gives developers a way to run applications in a consistent manner across a host of different environments, without wasting computing resources or accumulating large run costs. Among the best-known container services are Docker, rkt, and lxd. 451 Research believes application containers will be a $2.7 billion market by 2020, with an annual growth rate of 40 percent compared to other cloud-enabling technologies. “Enterprises are adopting cloud-native technology for its speed of development, […]

Trend Micro blames data collection issue on code library re-use

Cybersecurity giant Trend Micro has apologized after researchers discovered that a number of the company’s consumer-facing apps were collecting users’ browser histories. Thomas Reed, the lead for Mac and mobile at Malwarebytes, published research last week that discovered a number of macOS apps were exfiltrating sensitive data to servers controlled by the developer. A number of these apps – Dr. Cleaner, Dr. Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery and Duplicate Finder – are owned and operated by Japan-based Trend Micro. Apple normally places tight restrictions on what data app developers can collect. Yet Reed found that the apps were pulling data that they should not have had access to. With regard to Dr. Antivirus, Reed found the app was pulling complete browsing and search history from Chrome, Firefox, Safari and the App Store. Additionally, the app also created a file that “contained detailed information about every application found […]