ES: City Council of Durango “Completely Paralyzed” by Cyberattack The City Council of Durango in Biscay reports it is “completely paralyzed” by a cyberattack last Saturday. The news site Durangon quotes the Deputy Mayor, Iker Urkiza (machine translation) that the ‘hacking “has been serious” and that it will paralyze their computer systems “for weeks.” According…
Category: Commentaries and Analyses
Lorenz ransomware gang plants backdoors to use months later
Ionut Ilascu reports: Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks. Some gangs are exploiting the flaws to plan a backdoor while the window of opportunity exists and may return long after the victim applied the necessary security updates. One case is a…
A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes
Zack Whittaker reports: A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight…
Identity Thieves Bypassed Experian Security to View Credit Reports
Brian Krebs reports: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s…
What Twitter’s 200 million email leak really means
Lily Hay Newman reports: After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network…
FCC Proposes to Modernize Data Breach Rules
Commission Will Seek Comment on Proposed Consumer and Law Enforcement Notification Requirements for CPNI Leaks — WASHINGTON, January 6, 2023—The Federal Communications Commission today launched a proceeding to strengthen the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). The Commission will look to better align its…