GAO report shows how easy it is to hack DOD weapons systems

In cybersecurity probes of Department of Defense weapons systems in recent years, penetration testers were able to wrest control of systems with relative ease and generally operate undetected, according to a Government Accountability Office report. “We found that from 2012 to 2017, DOD testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report states. In one test, a two-person team gained initial access to a system in an hour, then gained full control of the system in a day, the watchdog said. In another, the pen-testers seized control of the operators’ terminals, could see what the operators saw on their screens, and “could manipulate the system,” GAO found. Many of the testers said they could change or delete data. In one case they downloaded 100 gigabytes of it. The scathing report chalks up the insecurities in the Pentagon’s weapon systems to defense officials’ “nascent […]

The post GAO report shows how easy it is to hack DOD weapons systems appeared first on Cyberscoop.


Spurred by security incidents, DOT goes looking for its software flaws

The Department of Transportation has recently completed a set of thorough security tests on software used in the Transportation Secretary’s office, yielding surprising results about the software’s vulnerabilities. The testing program, which was partly motivated by three cybersecurity incidents at the department in the last year, began with software “we thought was pretty rock-solid,” DOT CIO Vicki Hildebrand said. “[W]e were pretty sure we wouldn’t find vulnerabilities. And we did.” A team of researchers from security-testing company Synack carried out the assessment of the DOT software, which uncovered flaws in commercial products and networked systems. DOT’s security team worked with Synack to promptly fix the vulnerabilities, according to Mark Kuhr, Synack’s co-founder and CTO. Hildebrand, a former executive at Hewlett Packard Enterprise, said she wanted to expand the testing program to other parts of DOT’s vast IT enterprise. “There’s going to be a team approach to whacking these [vulnerabilities] as […]

The post Spurred by security incidents, DOT goes looking for its software flaws appeared first on Cyberscoop.


After security testing, CFPB to resume collecting consumer data

After an “exhaustive” review of the agency’s security practices, the Consumer Financial Protection Bureau will resume collecting consumers’ personal data, acting agency director Mick Mulvaney told employees Thursday. An independent security assessment “concluded that ‘externally facing bureau systems appear to be well-secured,’” Mulvaney said. CFPB has a mandate to collect consumer data on things like credit cards and mortgages. The agency’s cybersecurity practices drew the scrutiny of lawmakers in April, when Mulvaney told the Senate Committee on Banking, Housing, and Urban Affairs that the agency had suffered roughly 240 data security breaches and 800 suspected breaches. A CFPB spokesperson told CyberScoop the breaches of personally identifiable information happened before Mulvaney took the agency’s helm in November 2017. “When I first arrived at the bureau, I was concerned that the information the bureau collects about consumers could fall prey to hackers or other actors,” Mulvaney said in an email to agency staff […]

The post After security testing, CFPB to resume collecting consumer data appeared first on Cyberscoop.


How a failed lawsuit trailed Crowdstrike into RSA

Rumors of a failed lawsuit launched by Crowdstrike, a cybersecurity industry leader, against product-testing firm NSS Labs quickly spread Tuesday among the thousands of attendees at the 2017 RSA conference. During one of the conference’s many industry-promoted parties Monday night, multiple attendees could be overheard talking about the controversy even before media reports began circulating. Other […]

The post How a failed lawsuit trailed Crowdstrike into RSA appeared first on Cyberscoop.
