Years ago, I had hoped more states would require breach notifications to central offices and that states would then share those reports with the public, much as New Hampshire had done. But things haven’t really become more transparent. Maryland and California remain positive examples of transparency, but New Hampshire’s site, while still available, has lost…
Category: Commentaries and Analyses
BitPyLock Ransomware Now Joins the Ranks of Those Threatening to Publish Stolen Data
As I anticipated, it is only getting worse. Now Lawrence Abrams reports: A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices. BitPyLock was first discovered by MalwareHunterTeam on January 9th, 2020 and has since seen a trickle of new victims daily. What is…
Security researchers — and journalists — need legislative protection in India for disclosing vulnerabilities
If there is anything positive at all about the legal bullshit 1to1Help.net has perpetrated to cover up their data leak and to deflect blame, it is the support I have received from the Internet Freedom Foundation in India. But before diving into that more, a quick update on 1to1Help’s shameful litigation: After reading the court…
German Researchers Accessed Service Members’ Sensitive Medical Data—and One Lawmaker Wants Answers
Brandi Vincent reports: A Democratic lawmaker wants answers and actions taken to address unsecured servers at three military medical facilities that he said are putting service members’ personal information at risk. Sen. Mark Warner, D-Va., penned a letter to the Defense Health Agency Thursday pressing it to eliminate the exposure of sensitive medical data belonging to military…
Iran vs U.S., The Cyber Front Explained
On January 3, the U.S. announced the successful assassination of Qasem Soleimani, Iran’s top general. Dire warnings about retaliation immediately appeared in the news, and it wasn’t long before we began to see headlines claiming that Iran had launched cyberattacks on the U.S. But were these really state actors or sophisticated actors, or were…
FTC Summarizes 2019 Changes to Data Security Orders
Caleb Skeath and Danielle Kehl of Covington & Burling write: In a recent blog post, the Federal Trade Commission highlighted three key changes it made in 2019 in its approach to issuing orders in data security enforcement matters. As stated by Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, in the blog post, the…