The FTC announced a settlement in a data security enforcement action against InfoTrax Systems, L.C. and its former CEO, Mark Rawlins. Here is their press release, below, followed by InfoTrax’s comments on the settlement: A Utah-based technology company has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the…
Category: Business Sector
Gaping ‘hole’ in Qualcomm’s Secure World mobile vault leaked sensitive data
Charlie Osborne reports: A severe “hole” in the Qualcomm Secure World virtual processor, now patched, has been disclosed by researchers. According to cybersecurity researchers from Check Point, the Secure World safe compartment — used to house sensitive data in our mobile devices — could be exploited to leak financial information. Read more on ZDNet.
UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball
Gareth Corfield reports: The UK’s Information Commissioner urged the Court of Appeal to side with Morrisons in the supermarket’s battle to avoid liability for the theft and leaking of nearly 100,000 employees’ payroll details – despite not having read the employees’ legal arguments. A letter (PDF) sent to the Court of Appeal in May 2018…
Prank Call Service PrankDial Exposed 138 Million Records Online
Jeremiah Fowler reports: On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent a responsible disclosure notice and the database was closed for public access shortly after. According to their…
Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
Lawrence Abrams reports: Mexico’s state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files. On Sunday, November 10th, Pemex was hit with a ransomware attack that the company states affected less than 5% of their computers. Workers reported, though, that internal memos told them not to initially…
Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin
Brian Krebs reports: Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was…