Naomi Gilens of EFF writes: Computer security researchers and journalists play a critical role in uncovering flaws in software and information systems. Their research and reporting allows users to protect themselves, and vendors to repair their products before attackers can exploit security flaws. But all too often, corporations and governments try to silence reporters, and…
Category: Commentaries and Analyses
Trello exposed! Search turns up huge trove of private data
John E. Dunn reports: Hands up who’s used the increasingly popular online collaboration platform Trello? Trello is great for organising to-do lists and for coordinating team tasks. But it has its downsides too. […] Our global cybersecurity operations director at Sophos, Craig Jones, has been keeping an eye on this for a couple of years, first…
The cyber attack the UN tried to keep under wraps
The New Humanitarian reports: While researching cybersecurity last November, we came across a confidential report about the UN. Networks and databases had been severely compromised – and almost no one we spoke to had heard about it. This article about that attack adds to The New Humanitarian’s previous coverage on humanitarian data. We look at how the…
NYS Comptroller Audit of Sackets Harbor Central School District – Information Technology (2019M-208)
The NYS Comptroller released another school district IT audit this week. I’ve been publishing these audit reports for a number of years now because they pretty much all show significant data security failures in protecting student and/or employee personal and sensitive information or assets. Sackets Harbor Central School District is a small school district. It…
UK: Students got £140,000 from University of East Anglia for private data leak
Bethany Wales reports: The leak in June 2017 saw an email containing confidential details about students’ extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements. Now, a Freedom of Information request has revealed the university’s insurers paid out a…
Maze Team updates its site, dumps more victims’ data
The Maze Team attackers continue to announce more of their ransomware victims that have not complied with their ransom demands, and they continue to dump data from those who do not pay them. When I checked their site again today, I noticed that they had announced that they have dumped all their files on the…