There’s an update to uKnowKids’ breach disclosure, here. They assert that their analysis shows only one IP address – presumably researcher Chris Vickery’s – downloaded any data from their misconfigured database. They do not name the provider responsible for security the database. According to their statement, the misconfigured instance of the database occurred on December…
Category: Business Sector
FTC Says Listen Up When Vulnerability Reports Come In
James Denvil and Paul Otto of Hogan Lovells write: The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS…
Computer hacker extradited from Cyprus to Pittsburgh to face charges
First they caught the botnet administrator in Cyprus. Then they extradited him to Pittsburgh. Andrew Conte reports: Andrey Ghinkul, of Moldova, is scheduled to appear at 2 p.m. at the U.S. Courthouse, Downtown. He plans to plead not guilty, his lawyer, Arkady Bukh of New York City, told the Tribune-Review. Ghinkul will be represented by a public defender…
UK: Cool Components’ email database taken in apparent data breach
Gareth Halfacree reports on a somewhat atypical breach with a poor incident response by Cool Components: Hobbyist electronics specialist Cool Components has been hit with an apparent data breach in which persons unknown have made off with its customer email list – but the company claims its investigation has turned up no evidence of security issues….
RubberStamps.net, Incipio notify customers of breaches
While uKnowKids had a somewhat despicable disclosure of their breach that involved shooting the messenger, here are two positive examples of breach disclosures I came across this week: RubberStamps.net notified about 7,000 customers that its web site was compromised between November 3, 2015 to December 11, 2015. In a well-written letter, Scott Lee, the President and CEO, Superior Labels, Inc. explained that…
Operation Blockbuster Coalition Ties Sony, Other Destructive Attacks to Lazarus Group
Michael Mimoso reports: The nation-state sponsored hacker group allegedly behind the 2014 attack against Sony Pictures Entertainment has been linked to similar intrusions against a number of companies in South Korea including the Dark Seoul and Operation Troy attacks. A coalition of security companies called Operation Blockbuster, including Kaspersky Lab, Novetta, AlienVault, Invincea, ThreatConnect, Volexity, Symantec,…