Catherine Stupp reports: Facebook Inc., Clubhouse and Microsoft Corp.’s LinkedIn have stressed that recently reported data leaks involved information from public user profiles, not from security breaches. In the European Union, where privacy laws require businesses to protect even publicly available personal data, that distinction may not relieve them of responsibility. Read more on WSJ.
Category: Commentaries and Analyses
Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge
Gareth Corfield comments: UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells…
Ransomware ‘bull’s eye’ grows, clouding telehealth’s rise in long-term care
Kimberly Mersalas reports: Even as COVID-19 and its emphasis on telehealth have opened providers to greater cybersecurity risks, insurance policies that offer potential protection are becoming more expensive, and in some cases, harder to get. Insurers are issuing 25% to 50% premium increases this year, reflecting a large number of ransomware payouts over the last…
The Incredible Rise of North Korea’s Hacking Army
Ed Caesar reports: Shimomura was a member of the Yamaguchi-gumi, the largest yakuza crime family in Japan. When one of his superiors asked him if he wanted to make a pile of fast money, he naturally said yes. It was May 14, 2016, and Shimomura was living in the city of Nagoya. Thirty-two years old and…
Bank Groups Object to Proposed Breach Notification Regulation
Doug Olenick reports: The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events. The…
NY State Comptroller DiNapoli Releases School District Audits
New York State Comptroller Thomas P. DiNapoli announced school district audits this week. Here are the summaries with links to the audit reports: Hudson City School District – Information Technology (Columbia County) District officials did not adequately secure and protect its information technology (IT) systems against unauthorized use, access and loss. The board and district…