Remember when “We take your privacy and security very seriously” became de rigueur in breach disclosures? Now there’s other language being frequently added to breach disclosures — language that makes it sound like what the entity is about to tell you is really no huge deal, but if you feel you really need to protect…
Category: Commentaries and Analyses
Dark Web Price Index 2021
Information in this report reflects data collected on May 9, 2021 and reported by Privacy Affairs. They report their methodology was to: “scan dark web marketplaces, forums, and websites, to create an index of the average prices for a range of specific products.” Their findings are also compared to what they found in 2020. You…
An insurtech startup exposed thousands of sensitive insurance applications
Zack Whittaker reports: A security lapse at insurance technology startup BackNine exposed hundreds of thousands of insurance applications after one of its cloud servers was left unprotected on the internet. BackNine might be a company you’re not familiar with, but it might have processed your personal information if you applied for insurance in the past…
TX: Thousands of employees and dependents of Whitehouse ISD just had their data dumped on the dark web
School districts continue to be low-hanging fruit for threat actors. While Grief threat actors hacked and then dumped data from Clover Park School District in Washington, Booneville School District in Mississippi, and Lancaster ISD in Texas, Vice Society hacked and then dumped data from Whitehouse ISD, also in Texas. On June 28, DataBreaches.net emailed Whitehouse…
Dutch ethical hackers on a mission to fix the internet
AFP has a nice piece on Victor Gevers and the Dutch Institute for Vulnerability Disclosure. No, DIVD are not new kids on the block. They have been around for years, quietly and responsibly disclosing vulnerabilities, which is why some of us were appalled — and furious — when Victor was falsely accused of lying about…
Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
Iain Thomson reports: Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited…