Enemies of U.S. continue cyberattacks without fear of reprisal, NSA director nominee says

Russia and China continue to hack into U.S. companies and government agencies because they aren’t afraid of a potential response, senior U.S. officials say. The Army general expected to be confirmed as the next head of the NSA and U.S. Cyber Command told senators at a congressional hearing on Thursday that he doesn’t believe U.S. adversaries in cyberspace fear any repercussions for conducting hacking campaigns and cyber-espionage. Lt. Gen. Paul Nakasone’s bleak assessment at a Senate Armed Services Committee hearing comes two days after the same committee grilled the outgoing Adm. Mike Rogers, whom Nakasone would replace, for indicating that the U.S. does not have offensive plans in motion to retaliate against cyberattacks. Responding to a line of questioning from Sen. Dan Sullivan, R-Alaska, who called the U.S. “the cyber punching bag of the world”, Nakasone said that countries known to target the U.S. in cyberattacks are not deterred […]

The post Enemies of U.S. continue cyberattacks without fear of reprisal, NSA director nominee says appeared first on Cyberscoop.


House Votes to Reauthorize Controversial Spy Provision, Section 702

The U.S. House of Representatives voted to renew U.S. spy provisions, extending the powers of the NSA to collect internet communications for another six years.

Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server

A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet, possibly for up to two years. The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports, financial histories, credit card numbers and bank account numbers, according to Chris Vickery, a researcher at the cybersecurity firm UpGuard. File upload dates suggest the public exposure extends back to June 2015. Vickery discovered the data after finding an Amazon Web Services S3 cloud storage bucket used by the company was configured for public access. NCF’s exposure is the latest in a string of organizations leaving sensitive data accessible by the public via an S3 instance. There have been similar incidents impacting the National Security Agency, Department of Defense, Viacom and Verizon, all of which have been discovered by Vickery. “This wasn’t secure whatsoever,” Vickery said of […]

The post Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server appeared first on Cyberscoop.


Leaky AWS Storage Bucket Spills Military Secrets, Again

For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.

Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

More Than 120 Malware Detections Triggered on NSA Employee’s Computer

Kaspersky Lab has concluded an internal investigation into an incident that led to the company being accused of using its antivirus program to copy secret files from the personal computer of an NSA employee. The company believes it has identified the incident in its logs, but telemetry data revealed more than 120 malware detections on..

The post More Than 120 Malware Detections Triggered on NSA Employee’s Computer appeared first on Security Boulevard.


White House Releases VEP Disclosure Rules

The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret.

R.I.P. root9B? We Hardly Knew Ya!

root9B, a company that many in the security industry considered little more than a big-name startup aimed at cashing in on the stock market’s insatiable appetite for cybersecurity firms, surprised no one this week when it announced it was ceasing operations at the end of the year.

Founded in 2011, Colorado Springs, Colo.-based root9B Technologies touted itself as an IT security training firm staffed by an impressive list of ex-military leaders with many years of cybersecurity experience at the Department of Defense and National Security Agency (NSA). As it began to attract more attention from investors, root9B’s focus shifted to helping organizations hunt for cyber intruders within their networks.

Trump orders that U.S. Cyber Command receive new authority to conduct cyberwarfare

President Donald Trump announced Friday that U.S. Cyber Command will be elevated to a unified combatant command, making it the 10th such organization with the operational authority to conduct military operations abroad under the purview of the secretary of Defense and the White House. Trump’s decision to elevate Cyber Command now requires that Secretary of Defense James Mattis conduct a review to determine whether Cyber Command should be separated from its Fort Meade neighbor and partner organization, the National Security Agency. Cyber Command is currently led by NSA Director Adm. Mike Rogers. While in that dual-hat role as the leader of both forces, he has consistently advocated for the elevation of Cyber Command. There’s bipartisan support on Capitol Hill to provide Cyber Command with greater operational authority and additional resources, but the question of whether the organization should be divided from NSA remains more difficult for Congress to answer. Until now, the […]

The post Trump orders that U.S. Cyber Command receive new authority to conduct cyberwarfare appeared first on Cyberscoop.
