Tim Cushing reports an update on a 2019 breach previously noted on this site; Last year, a CBP vendor suffered a data breach affecting more than 100,000 people who had crossed the border at checkpoints. The CBP refused to name the contractor involved in the breach, but internal documents indicated it was Perceptics. Perceptics provided and maintained the…
Category: Commentaries and Analyses
Framework Outlines How Companies Should Talk About Breaches
Fahmida Y. Rashid writes: Investigating and recovering from security incidents are extremely stressful and time-consuming. Talking about what happened poses a different set of challenges, and many organizations struggle with effective communication. Organizations are increasingly developing incident response playbooks to plan out in advance what steps to take in case of a security breach—such as…
The Cyber-Avengers Protecting Hospitals From Ransomware
Sonner Kehrt has an article on CTI that begins: It was early February when Ohad Zaidenberg first started noticing malicious emails and files disguised as information about Covid. He’s a cyber intelligence researcher based in Israel, and they were the sort of schemes he encountered all the time—benign-looking messages that trick people into giving someone network…
When coffee makers are demanding a ransom, you know IoT is screwed
Dan Goodin reports: With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of the Smarter’s Internet-of-things coffee maker, you’d be wrong. As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the $250…
Pastebin’s new features concern infosec community
Catalin Cimpanu reports that Pastebin added new features that researchers fear and predict will be wildly abused: Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password. None of the…
Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People
HHS has announced another big settlement and corrective action plan. This one stems from a hack of Premera Blue Cross (PBC) in 2014 that went undetected until March of 2015. DataBreaches.net had covered this incident at the time and the follow-ups that included a class action lawsuit that settled, a settlement with state attorneys general,…