#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

us Defense | Breaking Cybersecurity News | The Hacker News

US Defense Contractor left Sensitive Files on Amazon Server Without Password

US Defense Contractor left Sensitive Files on Amazon Server Without Password

May 31, 2017
Sensitive files linked to the United States intelligence agency were reportedly left on a public Amazon server by one of the nation's top intelligence contractor without a password, according to a new report. UpGuard cyber risk analyst Chris Vickery discovered  a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on Amazon cloud storage server for anyone to access. The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country's top defense contractors. Although there wasn't any top secret file in the cache Vickery discovered, the documents included credentials to log into code repositories that could contain classified files and other credentials. Master Credentials to a Highly-Protected Pentagon System were Exposed Roughly 28GB of exposed documents included the privat
Chinese hackers access major U.S. weapon system Designs

Chinese hackers access major U.S. weapon system Designs

May 28, 2013
According to report published by for the Defense Department and government and defense industry officials, Chinese hackers have gained access to the designs of many of the nation's most sensitive advanced weapons systems. The compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. The report comes a month before President Obama meets with visiting Chinese President Xi Jinping in California. The report did not specify the extent or time of the cyber-thefts, but the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data. For the first time, the Pentagon specifically named the Chinese government a
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Internet Explorer 8 zero-day attack spreads on 9 other sites

Internet Explorer 8 zero-day attack spreads on 9 other sites

May 08, 2013
Watering hole Internet Explorer 8 zero-day attack on the US Department of Labor website last week has spread to 9 more global websites over the weekend, including those run by a big European company operating in the aerospace, defense , and security industries as well as non-profit groups and institutes Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least. Researchers analyzing the attacks say that the attack tie it to a China-based hacking group known as " DeepPanda ". Security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. Micros
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Chinese Hackers Steal Info from top secret U.S military data

Chinese Hackers Steal Info from top secret U.S military data

May 03, 2013
QinetiQ , a UK-based defense contractor  suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ's faulty decision-making. QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East. The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, that took place in 2009, the hackers raided at least 151 machines of the firm's Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.  As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the questi
Cyber 9/11, cyber doomsday...between fear and need for action

Cyber 9/11, cyber doomsday...between fear and need for action

Mar 15, 2013
It's not a mystery, every nation is worried of the level of security of its infrastructure, the United States are among the most concerned governments due the high number of cyber-attack against its networks. US Government representative such us former States Secretary of Defense Leon Panetta and Secretary of Homeland Security Janet Napolitano warned in more than one occasion on the possible consequences of a cyber offensive and declared the necessity to improve the cyber capabilities of the country.  Senators are interested to evaluate the level of protection of nuclear stockpile of foreign governments against cyber attacks, question has been raised after that Pentagon's chief cyber officer admitted to ignore if countries such as Russia or China have adopted efficient countermeasures. Nelson and Armed Services Committee Chairman Sen. Carl Levin, D-Mich. will request to national intelligence an assessment about the ability of foreign states to safeguard networked
WikiLeaks releases hacked US military detention policies

WikiLeaks releases hacked US military detention policies

Oct 25, 2012
The whistleblowing website Wikileaks from tonight releasing more than 100 U.S. Defense Department files detailing military detention policies in camps in Iraq and at Guantanamo Bay in the years after the September 11 attacks on U.S. targets - " The Detainee Policies " In a statement , WikiLeaks criticized regulations it said had led to abuse and impunity and urged human rights activists to use the documents to research what it called policies of unaccountability . WikiLeaks says it plans to release the files in chronological order to paint a picture of the evolution of America's military detainee practices. WikiLeaks founder Julian Assange said: " The 'Detainee Policies' show the anatomy of the beast that is post-9/11 detention, the carving out of a dark space where law and rights do not apply, where persons can be detained without a trace at the convenience of the U.S. Department of Defense. It shows the excesses of the early days of war against an unknown
Cybersecurity Resources