With so much going on in the office last week, here’s a look at some of the top stories you may have missed, including claims that Uber may have illegally accessed its competitors’ networks, the government’s “Hack the Air Force” competition shelling out a whopping $10,650 grand prize, and Kaspersky Lab asking a court to overturn the Trump Administration’s ban of its software.
BUG BOUNTY
‘Hack the Air Force’ Pays Out Biggest Government Bug Bounty Prize Yet
A total of 55 vulnerabilities were discovered during the government’s Hack the Air Force hackathon recently, with a total of $26,883 paid in bounties to white-hat hackers. A pair of hackers earned the top price of $10,650 after discovering a critical bug. The prize is considered the largest single award in any government bug bounty program so far.
GOVERNMENT
Kaspersky Lab Asks Court to Overturn the Trump Administration’s Ban
Russian cybersecurity software firm Kaspersky Lab asked a U.S. federal court to overturn the recent ban on its products in government networks. In September the Department of Homeland Security ordered civilian government agencies to remove the company’s software for its networks within 90 days. Kaspersky Lab has insisted that it has no ties to the Kremlin.
DATA BREACH
Legal Letter Claims Uber Illegally Hacked Competitors’ Networks
A letter submitted by the Department of Justice written on behalf of a former Uber employee, claims the transportation company illegally surveilled its competitors. The letter, submitted to a judge that’s presiding over the legal dispute between Uber and Waymo, reportedly claims that Uber conspired to steal the company’s self-driving technology trade secrets.
RISK MANAGEMENT
Risk Management Struggles Lead to Wasted Resources for Organizations, Study Says
A new study that polls 114 professionals that fall into the CISO, risk officer, cybersecurity specialist and C-level executive category sheds light on the struggles that organizations are facing when it comes to quantifying and managing risk. Conducted by the FAIR Institute, a nonprofit focused on risk management; the study indicates that many organizations in the health, finance, and insurance industries have low-risk management maturity.
GOVERNMENT
U.S. Publicly Acknowledges that North Korea Was Behind WannaCry Attacks
The Trump Administration has declared that North Korea carried out the largest cyber attack of the year, and one of the largest to date. An op-ed published in The Wall Street Journal by Homeland Security Adviser Thomas P. Bossert publicly acknowledges that North Korea was behind the WannaCry worm that impacted more than 230,000 computers in more than 150 countries.
IoT THREAT
Misconfigured Lexmark Printers Open to Attack
Hundreds of Lexmark printers were found to be misconfigured, leaving them open to the public internet, serving as an open door for attackers. Researchers at NewSky Security identified 1,123 Lexmark printers used by businesses, universities and even U.S. government offices. Should an attacker compromise the printers, they could add a backdoor to capture printing jobs or disrupt the printer’s operation.
MALWARE
Cryptocurrency Mining Loapi Malware Destroys Android Phones
After researchers with Kaspersky Lab began testing the recently discovered cryptocurrency mining malware on an Android phone, the device was inoperable within two days. Dubbed Loapi, the strain also has the ability to launch distributed denial-of-service (DDoS) attacks and also features additional malicious functions.
DATA BREACH
Data Analytics Firm Experiences Data Breach Impacting 123M Households
The personal information of about 123 million American households is at risk after a data analytics’ firm experienced a data breach. California-based Alteryx amassed the personal information and uploaded it to a publicly available AWS data repository that lacked basic security protections. The data was “left downloadable on the public internet,” according to one security expert.
