Security News
Granicus, one of the largest IT service providers for U.S. federal and local government agencies, acknowledges that it left a massive Elasticsearch database exposed to the internet for at least five months, but it says the risks involved were low. Ehrlich says the Granicus database included links to files on websites belonging to the Department of Health and Human Services and U.S. House of Representatives, as well as hundreds of other local government units across the country.
Starting in the 1970s and continuing through the 1990s, the U.S. Central Intelligence Agency and the German BND intelligence service secretly controlled the majority of the Swiss firm Crypto AG, giving the two agencies access to the company's communication equipment, which was used around the world for top-secret government messages, according to the reports. A former Crypto AG worker told Switzerland's SRF television station that he would find two sets of encryption algorithms within the company's devices.
While the IR process is mostly technical, reporting to the organization's management should take place on a much higher level in order for the non-security -savvy executives to understand. To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template which apart from providing an actionable response framework, is also clear and intuitive for the executive level.
Almost a third of internet users affected by data breaches last year had reused a password in some form. "Our data shows that consumers are still not changing their poor password habits, yet we know they're holding organizations accountable for their security." said David Endler, chief product officer for SpyCloud.
US and German intelligence services raked in the top secret communications of governments around the world for decades through their hidden control of a top encryption company, Crypto AG, US, German and Swiss media reported Tuesday. Together they rigged Crypto's equipment to be able to easily break the codes and read the government's messages, according to reports by the Washington Post, German television ZTE and Swiss state media SRF. - 'Coup of the century' -.
FireEye researchers are tracking a hacker campaign using a new type of backdoor they call "Minebridge" that has primarily been targeting U.S. financial firms this year. The campaign, which appears to have started around Jan. 7, involves planting the Minebridge backdoor into corporate networks to deliver other malware and allow attackers to map the infrastructure, according to a new FireEye report.
In the weeks leading up to the 2016 presidential election, the Obama administration struggled to respond to Russia's efforts to interfere with the voting process due, in part, to internal debates over concerns about confusing the public, according to a new U.S. Senate Intelligence Committee report. The report released Thursday, "U.S. Government Response to Russian Activities," is the third volume based on the Senate Intelligence Committee's investigation into the 2016 election and how Russia sought to interfere in the U.S. voting process.
The study does not say whether the phishing emails that targeted Kasraie and others were successful in compromising their passwords and other credentials, and a spokesperson for Certfa says that the campaign has not been successful, although not all victims may have come forward yet. One of the tipoffs that these emails were phishing lures is that Fassihi recently moved to the New York Times and wouldn't be seeking interviews with subjects for the Journal, according to the report.
Each year, thousands of cybersecurity professionals submit proposals to be a speaker at RSA Conference. Each year, we mine these proposals for trends and commonalities.
A review by two computer security experts of the mobile app that malfunctioned during Iowa's critical tally of the Democratic Party's caucus has uncovered that it insecurely sends data, ProPublica reports. Veracode found that the app was vulnerable to hacking "Because of a lack of safeguards, transmissions to and from the phone were left largely unprotected," it reported.