Ionut Ilascu reports: Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks. Some gangs are exploiting the flaws to plan a backdoor while the window of opportunity exists and may return long after the victim applied the necessary security updates. One case is a…
Category: Commentaries and Analyses
A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes
Zack Whittaker reports: A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight…
Identity Thieves Bypassed Experian Security to View Credit Reports
Brian Krebs reports: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s…
What Twitter’s 200 million email leak really means
Lily Hay Newman reports: After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network…
FCC Proposes to Modernize Data Breach Rules
Commission Will Seek Comment on Proposed Consumer and Law Enforcement Notification Requirements for CPNI Leaks — WASHINGTON, January 6, 2023—The Federal Communications Commission today launched a proceeding to strengthen the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). The Commission will look to better align its…
Man who got into hacking while still in school explains what he did in Anonymous
Ali Condon reports: A man who first got into computer hacking when he was still in school has explained what it was like to work with infamous hacktivist group Anonymous. Mustafa Al-Bassam, who was once a member of Anonymous and is one of the founders of LulzSec, got his first taste for computer programming when he was just…