Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and enables customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial?

It seemed like exactly the tech startup that so many conservatives said they wanted. AllSocial was an emerging social media network that garnered more than a million users, in part by alluding to the unfounded claim that existing sites like Facebook and Twitter censor conservative political thought. AllSocial users could connect with new friends with the understanding the site would never limit how far a user’s posts would spread based on their politics, an apparent reference to allegations that Republicans repeatedly have made against Facebook and Twitter. “Viewpoint censorship is when creative expression is suppressed, removed or banned on the internet,” said a June 13 post from the AllSocial Facebook account. “Unlike other social media platforms we do not ban or shadow-ban users based on personal or political beliefs. Yep, that’s the AllSocial way.” The site and its two mobile apps have been down for more than a month, though, […]

The post A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial? appeared first on CyberScoop.


Exclusive: PR software firm exposes data on nearly 500k contacts

A company that sells content management software and services exposed data on 477,000 media contacts, including 35,000 hashed user passwords, to the public internet. In October, iPRsoftware, a U.S.-based company that specializes in software that manages and disseminates company public relations and marketing, was discovered to be exposing the data along with administrative system credentials and assorted documents. Among the documents were marketing materials for client companies, as well as credentials for the company’s Google and Twitter accounts and a MongoDB hosting provider. Chris Vickery, director of cyber risk research at UpGuard, first contacted the company about the exposure in October. Despite the company’s acknowledgement of the issue, Vickery observed that over the next week, the only thing that changed was the appearance of a log file for the purpose of reviewing activity related to the open repository. When contacted weeks later by CyberScoop about the exposure, a company representative said it […]

The post Exclusive: PR software firm exposes data on nearly 500k contacts appeared first on CyberScoop.


Chris Vickery on the Marriott Breach and a Rash of Recent High-Profile Hacks

In this Newsmaker Interview, ‘breach hunter’ Chris Vickery explores a recent spate of breaches from Marriott, USPS and Dell EMC.

Cambridge Analytica’s secret coding sauce allegedly leaked

The exposed data, available free by registering an email address, shows CA used software developed by AggregateIQ to sway US elections.


GDPR will change how companies work with cloud providers

One of the bigger stipulations in GDPR is that third-party service providers, including companies that run the ever-ubiquitous cloud, will also be responsible for following the correct protocols when it comes to protecting EU citizen data. Yet just as companies keep throwing everything into the cloud, we are seeing errors in the way they safeguard personally identifiable data. If you have been following the work of Chris Vickery, you know how easily these errors can be found. Vickery, director of cyber risk research for California-based UpGuard, has been finding misconfigured cloud instances all over the internet. Just in the past year, Vickery identified these openly discoverable instances associated with a Florida credit monitoring firm, media behemoth Viacom, and even at the Department of Defense. Each finding had enough PII to keep privacy officers sleepless for weeks. While they were all based in America, Vickery recently came across a similar breach at French marketing firm Octoly, which caters […]

The post GDPR will change how companies work with cloud providers appeared first on Cyberscoop.


Another cloud leak shows AWS can only do so much to protect data

It’s getting to the point where if you blink, you might miss another story about the accidental exposure of sensitive data stored in a public cloud instance. Case in point: cybersecurity firm UpGuard recently found 36GB of data from the U.S. Census Bureau and consumer credit reporting agency Experian. The data, which was stored by data analytics firm Alteryx, was inadvertently exposed on an Amazon Web Services S3 cloud storage bucket. Experian has called the incident — which affects 123 million U.S. households — “an Alteryx issue,” even as the credit monitoring firm’s customers were directly impacted. UpGuard researcher Chris Vickery told CyberScoop that regardless of what organization is storing data, third-party vendor risk should be a point of concern for all involved. “Third-party vendor risk is a problem for both parties,” Vickery said. “Look at it this way: If you store your valuables in a bank vault, and the bank forgets to […]

The post Another cloud leak shows AWS can only do so much to protect data appeared first on Cyberscoop.


Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server

A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet, possibly for up to two years. The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports, financial histories, credit card numbers and bank account numbers, according to Chris Vickery, a researcher at the cybersecurity firm UpGuard. File upload dates suggest the public exposure extends back to June 2015. Vickery discovered the data after finding an Amazon Web Services S3 cloud storage bucket used by the company was configured for public access. NCF’s exposure is the latest in a string of organizations leaving sensitive data accessible by the public via an S3 instance. There have been similar incidents impacting the National Security Agency, Department of Defense, Viacom and Verizon, all of which have been discovered by Vickery. “This wasn’t secure whatsoever,” Vickery said of […]

The post Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server appeared first on Cyberscoop.


Leaky AWS Storage Bucket Spills Military Secrets, Again

For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.