Lucian Constantin reports: A grey hat hacker has found a critical SQL injection weakness on the official Kaspersky Lab websites in Malaysia and Singapore. Exploiting the vulnerability leads to full compromise of the underlying database, which contains customer information, product keys and other sensitive data. The attack has been documented by a Romanian hacker calling…
Author: Dissent
Businesses still plagued by data breaches
An article by Jackie Noblett includes references to some recent breach notifications affecting Massachusetts residents that I do not recall ever seeing covered in the media: Three separate breaches at State Street Corp. affecting 42 Massachusetts residents involved State Street employees accidentally sending personal information of a customer to the wrong client or financial adviser…
Court Rejects Request to Consolidate TJX Hacker Cases
Kim Zetter of Threat Level reports that: A federal judge in Massachusetts has rejected a request from U.S. attorneys to consolidate a New Jersey case against Albert Gonzalez, who has admitted hacking more than 120 million credit card numbers from Heartland Payment Systems, with two other cases against him in Massachusetts. […] The case was…
AU: Consumers may be told of ID theft
Kim Christian reports: Australian businesses may soon be forced to tell their customers if their personal details have been stolen, under proposed new laws to combat identity theft. One of the world’s biggest technology security companies, Symantec Corp, says it has been approached to assist the federal government with “advice and support” in drafting privacy…
Ca: Alberta health board cleared in records breach
Because we don’t have a privacy commissioner who actually — gasp — investigates breaches and issues findings, and all we have is HHS which doesn’t publish its findings and leaves us generally in the dark, this report out of Canada is especially interesting. The Alberta privacy commissioner’s office has found that the province’s health board…
Ca: Alberta health board cleared in records breach
The Alberta privacy commissioner’s office has found that the province’s health board had reasonable security measures in place when a virus targeted a computer network in July, potentially affecting the personal health information of thousands of people. “AHS [Alberta Health Services] had an anti-malware system, firewalls and an intrusion detection system in place. In my…