Cybersecurity

Drone Maker Accuses Bug Bounty Seeker of Unauthorized Hacking

Chinese drone manufacturer DJI has recently accused a security researcher of breaking into its servers and refusing to agree to the terms and conditions of its bug bounty program. Independent researcher Kevin Finisterre initially approached the company to collect the reward for the security flaws he had found on its systems. However, DJI said that he had accessed its servers and seen confidential info without authorization. Finisterre argued that the issue with the servers was part of the program, and that the full terms were only sent to him a month after he sent a report to the company. He […]

UK Chief Says Almost Everybody in the UK Has Been Hacked

At a recent media briefing, UK Chief Constable Peter Goodman revealed that almost everybody in the UK has already been hacked. He added that the personal information of such hacking victims would’ve already been traded on the dark web. He also likened the response of the police to such cybercrimes to a “patchwork quilt” and a “postcode lottery”. Goodman, however, noted that the authorities have already detained a few Russian suspects connected to such activities. Source: Tech Republic

Bipartisan Harvard Panel Releases Election Anti-Hacking Recommendations

A bipartisan panel from Harvard University yesterday released a 27-page guidebook detailing its recommendations on how authorities can protect elections from hacking attempts. The recommendations include the use of two-factor authentication and encrypted messaging services such as Signal and Wickr. The guidelines, which were revealed in advance to Reuters, are said to include measures which cost little to nothing, but are expected to reduce risks in both local and Congressional contests next year. NSA vet Debora Plunkett, who is involved in the project, said that the “cyber playbook” is intended to be a realistic, helpful, and […]

Kaspersky Defends Against NSA Breach Accusations

Antivirus company Kaspersky recently responded to accusations regarding its role in the NSA breach involving the exposure of sensitive files from the computer of a worker from the agency. An article from WSJ alleged that Russian hackers used the Kaspersky software to steal files from the NSA employee’s computer. It was later confirmed that the company did obtain a copy of the files in question. However, Kaspersky said that it did not steal the files from the computer, but rather that they were detected as malware by its product and sent back to the company automatically. Furthermore, CEO […]

Unsecured Australian Broadcasting Corporation S3 Causes Data Leak

Kromtech Security Center recently disclosed a sensitive data leak at the Australian Broadcasting Corporation (ABC) involving two unsecured Amazon Web Services (AWS) S3 repositories. The discovery was confirmed by the ABC, which said that its IT teams acted immediately after being informed of the leak last November 16. According to Kromtech CIO Bob Diachenko, included in the leak were files which contained login credentials and access keys to various ABC products, services, and other repositories. This is not the first time the organization has had sensitive data exposed. The government-backed broadcaster already had an accidental leak in 2010, and was […]

McAfee Unwittingly Exposes Users to Banking Malware

Security company McAfee recently spread malware to its users via a domain associated with its email protection service. The service, McAfee ClickProtect, claims to protect businesses from hacking, which includes email malware. However, it was the company’s own safe link “cp.mcafee.com” that directed users to a malicious Word document that contained the Emotet banking malware. Emotet is able to siphon sensitive information such as passwords and credentials, which are often used to hack and steal funds from accounts. McAfee issued a statement on the matter, saying that it has started an investigation and has identified the web property as a […]

New EU Consumer Protection Cooperation Law Includes “Vaguely-worded” Clause on Website Blocking

Last Tuesday, the EU passed a new Consumer Protection Cooperation regulation which grants additional powers to the consumer protection agencies in the bloc. However, it also included a vague clause that would allow the agencies to take down websites without judicial review, as explained by EU Parliament member Julia Reda in a post on her blog. According to CPC documents, the regulation is intended as a measure against scam websites or those that violate EU consumer protection laws. However, MEP Reda pointed out that the regulation could be abused since it does not require any mandatory oversight. Opinions on social […]

Swedish Data Protection Authority Launches Investigation into Piracy Settlement Letters

Sweden’s Datainspektionen is currently investigating complaints from Swedish internet account holders regarding threat letters from ‘copyright trolls’, or companies which seek to turn a profit by hounding users suspected of piracy. Reports from Swedish Radio revealed that these companies have contacted a number of Swedes, demanding that they pay up. The Swedish Data Protection Authority will now have to determine whether the letters can be considered a debt collection measure. Njord Law, a firm representing international copyright trolls, has already moved to find the identities behind thousands of IP addresses suspected of piracy. However, copyright professor Sanna […]

Cyber-Flaw Disclosure Rules Released by Trump Administration

White House cybersecurity coordinator Rob Joyce recently revealed that the set of rules governing the disclosure of cybersecurity flaws has just been published on Whitehouse.gov. Created under the previous administration, the Vulnerability Equities Process dictated how flaws discovered by intelligence agencies were supposed to be handled. The process is said to balance law enforcement and the government’s intelligence gathering efforts through device hacking, but security experts have criticized it as being overly secretive and anti-disclosure. Joyce, however, gave assurances that around 90% of the flaws will be disclosed under the revised rules. He also said that it is currently the most […]

Australian IoT Alliance to Introduce Certification Tick

The Internet of Things Alliance Australia (IoTAA) recently announced that it is working on a security framework for the country’s IoT ecosystem. Last Wednesday, IoTAA principal consultant Geof Heydon revealed that the alliance has gotten the support of the Prime Minister’s Industry 4.0 Taskforce for a process that certifies IoT devices, networks, and suppliers. Heydon added that a certification “tick” would help tell consumers that a particular device can be secure if operated as recommended. He also clarified that the mark is not meant to indicate that a device is completely “secure”, because there is no such thing. Source: ZDNet