Commentaries and Analyses – Page 352

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Posted on October 8, 2020 by Dissent

Brian Krebs reports: There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of…

Blackbaud Data Breach: Non-Profit Foundations (Part One)

Posted on October 7, 2020 by Dissent

Marco A. De Felice aka @amvinfe has begun a series of articles on the Blackbaud breach. He begins with Blackbaud’s initially inaccurate claims that no Social Security numbers, bank account data, or sensitive details had been accessed and exfiltrated. As most people know by now, Blackbaud had to issue an update to its original notification,…

A security flaw in Grindr let anyone easily hijack user accounts

Posted on October 6, 2020 by Dissent

Zack Whittaker writes: Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address. Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue…

Hacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack Ever

Posted on October 5, 2020 by Dissent

Davey Winder reports: Max Heinemeyer, director of threat hunting at Darktrace, thought it would be interesting to look back at the seven years since launching its AI-powered cybersecurity solution. Look back through the lens of some of the weirdest attacks that the AI cyber-brain had identified that is. You know what, he was right. I’ve…

Was OFAC’s Advisory an October Surprise or More of the Same?

Posted on October 4, 2020 by Dissent

Lee A. Casey and Theodore J. Kobus III of BakerHostetler comment on the recent OFAC advisory that made a lot of headlines this past week. As I had pointed out in my preface to coverage of the advisory, it was footnoted that the advisory does not have the force of law or change any regulations…

Hackers Take Advantage of India’s Loose Data Privacy Laws

Posted on October 4, 2020 by Dissent

SiliconIndia reports: India has some of the loosest data policy laws on the planet. Hackers have seen these loose data privacy laws as the opening they need to steal data and sell it on the black market. Regulations are changing, but many experts that are seeing the importance of data protection feel that they are not moving…