Cisco has settled with federal, state and local agencies for $8.6 million in a first-of-its-kind whistleblower case involving a cybersecurity flaw.
The case involves a Denmark-based employee of a Cisco partner, who alerted the company in November 2008 to a flaw in software made for a line of Cisco surveillance cameras. The problem wasn't fixed for years, and the funds are meant to reimburse the whistleblower and federal, state and local entities to whom Cisco misrepresented the safety of the cameras.
Though the settlement is relatively small, it's a case that many companies will be watching closely as they navigate the hundreds or thousands of vulnerability reports they receive from outside researchers each month, and try to parse which ones need attention and which are just hype.
In a statement, Cisco said, "We are pleased to have resolved a 2011 dispute involving the architecture of a video security technology product we added to our portfolio through the Broadware acquisition in 2007. There was no allegation or evidence that any unauthorized access to customers' video occurred as a result of the architecture."
According to the complaint, James Glenn, a Denmark-based employee of a Cisco partner company called Net Design, contacted Cisco in November 2008. He said he had discovered a flaw in Cisco's proprietary surveillance camera software that made it easy for a would-be attacker not only to access the systems running the devices, but also to hack deeper into those systems after gaining entry. Glenn made the discovery after participating in a so-called "own medicine" initiative by his company, in which employees security-test equipment and software they're using or working on.
According to the complaint, Glenn said he tried to contact Cisco through an online form meant for reporting vulnerabilities, but was unsuccessful in reaching anyone. Shortly after that, Net Design fired him. The firing, because it took place in Denmark, was not a part of Glenn's whistleblower claim in the U.S., according to his attorneys.
Later, Glenn claims he discovered the unfixed cameras and software were still being used by the Los Angeles International Airport, and in 2010 he contacted the local authorities and ultimately law enforcement personnel working within LAX to report the problem.
But according to court filings cited by Glenn's attorneys, Cisco didn't fix the vulnerability until an updated version of the software was released in 2012. The company also didn't release a security advisory to companies using the previous, flawed version of the software until 2015.
Importantly, the flaw hinged on faulty access controls, making it too easy for anyone to access the equipment. This made the products non-compliant with the federal government's National Institute of Standards and Technology (NIST) framework, which dictates the security measures required of tech companies wishing to do business with the federal government. Many state and local agencies also demand NIST compliance.
Since Cisco had continually represented that its surveillance products were compliant with NIST during the time they remained vulnerable, the Western District of New York court determined the company had violated the False Claims Act by not heeding the whistleblower's warnings and continuing to claim the cameras were compliant, Glenn's attorneys said.
The cameras were used in a wide range of federal government entities, including military installations, prisons, local courthouses and many others, according to Anne Hartman, attorney for Glenn and partner in San Francisco-based whistleblower law firm Constantine Cannon.
Cisco had argued that it had released a best practices guide, with information about how to set access controls so the flaw wouldn't present a problem, and had reassured Glenn at one point that it was working on the issue, neither of which was enough of a remedy to avoid a whistleblower case, Hartman said.
Companies should pay attention, Hartman said, because they face a tripling of damages from cases like this.
"It's astonishing that there aren't more of these cases being brought," she said.