China Citizen Watch, the official Chinese division of the Japanese watch giant Citizen, and Bulova Watch Company (a Citizen brand in the U.S.) have both been affected because China Citizen Watch or its hosting company left an unsecured RSYNC server online with more than 150TB of files. Cursory skimming of the files, necessitated by Citizen…
Category: Commentaries and Analyses
‘Incredibly sensitive’ data is open to cyberattack at Mass. tax-collection agency, audit report says
Colin A. Young reports: The state auditor has determined that the Department of Revenue has not done enough to defend sensitive taxpayer data like Social Security numbers and payment histories from cyberattacks, and the agency is working to bolster its strategic planning and training. The audit did not unearth new instances in which sensitive data…
Researcher Releases Data on 100,000 Phishing Attempts to Teach You How to Not Get Hacked
Lorenzo Franceschi-Bicchierai reports: A security researcher who specializes in tracking government hacking attempts published 25GB of data on 100,000 phishing attacks on Monday. […] Claudio Guarnieri, who works at Amnesty International and has been tracking targeted attacks against dissidents and activists for almost a decade, published the dataset to help other researchers track hackers, and…
11 New US School Districts Compromised by Ransomware; 72 in 2019
Security Magazine reports: Eleven new U.S. school districts (comprised of 226 schools) have been compromised by ransomware since late October, says a report by Armor. Since January 2019 to date, Armor has identified a total of 72 school districts and/or individual educational institutions that have publicly reported being a victim of ransomware. These attacks have potentially…
Unsecured backup devices continue to be a hot mess
After a few years of headlines blaring mega-numbers of records exposed by misconfigured RSYNC backups, we might hope that we would be seeing fewer errors by now. But it seems that RSYNC errors continue at a high rate, exposing massive amounts of data. This month, part of what I did was look at RSYNC errors…
Minnesota Blue Cross scrambles to boost cyberdefenses
Joe Carlson reports: Blue Cross Blue Shield of Minnesota is working rapidly to shore up its cybersecurity defenses after an internal whistleblower raised alarm that the state’s largest health insurer had long neglected thousands of important updates. Internal documents show that Minnesota Blue Cross allowed 200,000 vulnerabilities classified as “critical” or “severe” to linger for…