Christopher Bing reports: A senior U.S. cybersecurity official is leaving government after being asked to resign, an official familiar with the matter said Thursday, part of a wider thinning of President Donald Trump’s administration following Joe Biden’s election win. Bryan Ware, the Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure…
Category: Commentaries and Analyses
“Email Appender” Implants Malicious Emails Directly Into Mailboxes
As if we didn’t have enough breaches that start by compromising an employee’s email account, now there’s more to worry about. Imagine that despite training your employees to be careful, and despite using updated AV or other software to detect nasties, a threat actor could deliver malware-laden emails directly into your employees’ inboxes. Will employees…
PROOF POINTS: What happens when private student information leaks
Drawing upon the incredible work of Doug Levin and his K-12 Cybersecurity Resource Center, Jill Barshay of The Hechinger Report highlights some of Doug’s findings — findings the GAO relied heavily upon in their recent report. How you tabulate breaches can make a huge difference in the public’s — and Congress’s — understanding of the…
Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits
Jake Holland and Andrea Vittorio report: Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions. Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.’s hotel reservations database….
FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
Let’s start with the FTC’s press release in Zoom Video Communications, Inc., In the Matter of Matter Number: 192 3167 The Federal Trade Commission today announced a settlement with Zoom Video Communications, Inc. that will require the company to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series…
Eight months after ransomware attack, Advanced Urgent Care of Florida Keys notifies patients
On March 14, DataBreaches.net reported that Advanced Urgent Care of the Florida Keys had been attacked, and patient data dumped. The data dump had been listed on a Russian-language forum known for data dumps, and the threat actor, then known as “m1x,” called the medical group “Malicious Defaulters” because they wouldn’t pay to prevent data…