Parliament reports 24,000 attempts to access porn sites since election

"The figure of 24,473 attempts represents about 160 requests per day on average from computers and other devices connected to the parliamentary network – which is used by MPs, peers and staff – between June and October last year. Parliamentary authorities say the majority of attempts are not deliberate."

Homeland Security suffers data leak on 240,000 employees

"The information in the file also included names, Social Security numbers, dates of birth, positions, grades and duty stations. The agency said it 'did not include any information about employees’ spouses, children, family members and/or close associates.' The agency confirmed that the incident was not due to an external cyber-attack from unknown sources but stemmed from a leak inside the DHS itself. The breach was eventually categorized as a 'privacy incident.'"

Snowden’s new app turns any Android phone into a personal security system

"NSA Whistleblower Edward Snowden is among the backers of a new surveillance app that helps guard against computer hijackings. Haven is an open source app that will run on any Android phone, particularly inexpensive and older devices. It operates like a surveillance system, using the device’s camera, audio recording capability and even accelerometer to detect movement and notify a user. The idea is that, even with the best encryption in the world, a device is vulnerable to physical, in-person tampering — also known as 'evil maid' because literally a hotel maid could access it."

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

"The Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own."

The Government Is Lying to Us About Cybersecurity

"The idea that 'strong security' is compatible with a government backdoor is a lie. Any security expert can tell you that a backdoor leaves your product vulnerable, even if you trust the government agency with the key. Previous backdoors advocated by the US government have been blown wide open by security experts. There is near-universal agreement among security experts that government backdoors and security are not compatible – a reality that the DOJ continues to ignore."

Almost any Intel Skylake or later system can be owned via USB attack

"The likes of the EFF have long argued that having a “black box” that can control networking and hardware, even when the computer is switched off, represents a major security and privacy risk. Turns out they were right. Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The fully fleshed-out details of the attack are yet to be known, but from what we know, it’s bad."

Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations

"Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard coded credentials in mobile applications that are using the Twilio Rest API or SDK. By hard coding their credentials, the developers have effectively given global access to all metadata stored in their Twilio accounts, including text/SMS messages, call metadata, and voice recordings."

WikiLeaks: CIA wrote code ‘to impersonate’ Kaspersky Lab anti-virus

"The CIA multi-platform hacking suite ‘Hive’ was able to impersonate existing entities to conceal suspicious traffic from the user being spied on, the source code of the malicious program indicates, WikiLeaks said on Thursday. The extraction of information would therefore be misattributed to an impersonated company, and at least three examples in the code show that Hive is able to impersonate Russian cybersecurity company Kaspersky Lab, WikiLeaks stated."

Bermuda offshore wealth firm reveals 2016 hack of client data

"According to Appleby's website, its experts advise global public and private companies, financial institutions, and 'high net worth' individuals. A profile on Chambers and Partners says its clients include financial institutions, FTSE 100 and Fortune 500 companies."

Kaspersky Software Vilified For Catching Classified NSA Malware

"The antivirus software was doing exactly what it was supposed to do, sweeping up computer malware, and collecting data for analysis to improve their ability to fight off such attacks in the future. And that’s exactly what customers are paying for with such companies’ software, and the big problem the US has with Kaspersky seems not to be that it is Russia-based, but that it worked so well it detected their brand new malicious software."
