124 matches found
APT15 Hackers Hit UK Govt Contractor to Steal Military Technology Secrets
By Waqas The APT15 hacking group has always been associated with Chinese This is a post from HackRead.com Read the original post: APT15 Hackers Hit UK Govt Contractor to Steal Military Technology Secrets...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CENTCOM Says Massive Data Cache Found on Leaky Server is Benign
A massive archive of 1.8 billion publicly accessible social-media posts were found on the Amazon S3 storage buckets that belonged to a Pentagon contractor. The data was collected by the third-party contractor on the behalf of United States Central Command and United States Pacific Command...
Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust
Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a "comprehensive transparency initiative," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launch...
Yet Another Russian Hack of the NSA -- This Time with Kaspersky's Help
The Wall Street Journal has a bombshell of a story. Yet another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersk...
Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution...
Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution...
hafeezcontractor.com XSS vulnerability
Vulnerable URL: http://www.hafeezcontractor.com/wp-content/themes/contractor/show-publications.php?ID=1743%27%22%3E%3Csvg/onload=confirm/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 02.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly...
Trove of Private Military Contractor Job Applicants Exposed Online
By Waqas Another day another trove of data goes public This This is a post from HackRead.com Read the original post: Trove of Private Military Contractor Job Applicants Exposed Online...
IT threat evolution Q2 2017
Targeted attacks and malware campaigns Back to the future: looking for a link between old and new APTs This year's Security Analyst Summit SAS included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and King's College London present...
Breach at Third Party Contractor Affects 18,000 Anthem Members
A month after it agreed to settle 2015’s massive data breach, Anthem Inc., the United States’ largest healthcare company, has a new problem on its hands. The Indianapolis-based company began notifying 18,000 members affected by another unrelated data breach last week. Anthem reported the breach o...
WikiLeaks Reveals CIA Teams Up With Tech to Collect Ideas For Malware Development
As part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals. According to the documents leaked by WikiLeaks, Raytheon Blackbird...
militaryfactory.com XSS vulnerability
Open Bug Bounty ID: OBB-252370 Description| Value ---|--- Affected Website:| militaryfactory.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Feds Charge NSA Contractor Accused of Exposing Russian Hacking
The arrest of an alleged source of a classified leak to the Intercept offers a lesson in the risks of spilling secrets. The post Feds Charge NSA Contractor Accused of Exposing Russian Hacking appeared first on WIRED...
FBI Arrests NSA Contractor for Leaking Secrets – Here's How they Caught Her
The FBI arrested a 25-year-old NSA contractor on Saturday 3rd June for leaking classified information to an online news outlet which published its report yesterday 5th June — meaning the arrest was made two days before the actual disclosure went online. Reality Leigh Winner, who held a top-secret...
Tracing Spam: Diet Pills from Beltway Bandits
Reading junk spam messages isn't exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here's the simple story of how a recent spam email advertising celebrity "diet pills" was traced back to a Washington, D.C.-area defense...
Pentagon Subcontractor Inadvertently Leaks 11 Gigs of Sensitive Data
A slew of sensitive data pertaining to psychologists, doctors and other healthcare professionals involved with an arm of the U.S. Department of Defense was recently left unsecured online. Chris Vickery, a security researcher with MacKeeper who has stumbled across unsecured internal databases...
Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools
Almost two months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the intelligence agency. Now, according to a court document filed Thursday, the FBI seized at least 50 terabytes of data from 51-year-old Martin tha...
On Virus Bulletin, APT False Flags, and the NSA Contractor Arrest
Mike Mimoso and Chris Brook discuss this week’s Virus Bulletin conference in Denver and CNBC’s Cambridge Cyber Summit at MIT, the NSA contractor arrest, APT false flags, and more. Download: ThreatpostNewsWrapOctober72016.mp3 Music by Chris Gonsalves...
Unraveling Turla APT Attack Against Swiss Defense Firm
Ever since hackers targeted Swiss defense contractor RUAG, government officials have been tight lipped about the breach. But on Monday Switzerland’s CERT Computer Emergency Readiness Team spilled the beans on the attack against the firm and the how perpetrators pulled it off. While Monday’s repor...