The Office of Inadequate Security
Here is yet another case that reminds us of the insider threat. In this case, the defendants misused Epsilon’s algorithms to predict and sell lists of consumers most likely to respond to fraudster’s schemes’ mailings. Epsilon settled its criminal liability via a deferred prosecution agreement to pay $150 million in penalties and victim compensation and…
Elizabeth Montalbano reports: REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests. Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to…
Catalin Cimpanu reports: Nucleus Software Exports, an Indian company that provides lending software to banks and retail stores, has suffered a major ransomware attack that crippled some of its internal networks and encrypted sensitive business information. The incident took place last Sunday, on May 30, according to a document the company filed on Tuesday with…
Yesterday, following the Congressional hearing where Sony and Epsilon testified, we had a bit of a lively – if truncated – debate on Twitter about breach notification. Not surprisingly, George V. Hulme raised the issue of breach notice fatigue and how notifications should be confined to situations where there is some real risk. Also not…
Grant Gross reports: Recent data breaches at Sony’s PlayStation Network and at e-mail service provider Epsilon will lead to legislation focused on improving cybersecurity at U.S. companies, the chairwoman of a U.S. House of Representatives subcommittee said Thursday. Representative Mary Bono Mack, a California Republican, said she will soon introduce legislation focused on ensuring that…
The House Energy & Commerce Committee Subcommittee on Commerce, Manufacturing, and Trade has scheduled a hearing on Thursday, June 2, 2011, in 2123 Rayburn House Office Building. The hearing, entitled “Sony and Epsilon: Lessons for Data Security Legislation,” will begin 15 minutes after the conclusion of the full committee markup. Background Memo Witness List Jeanette…