The FTC announced a settlement in a data security enforcement action against InfoTrax Systems, L.C. and its former CEO, Mark Rawlins. Here is their press release, below, followed by InfoTrax’s comments on the settlement: A Utah-based technology company has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the…
Category: Commentaries and Analyses
Gaping ‘hole’ in Qualcomm’s Secure World mobile vault leaked sensitive data
Charlie Osborne reports: A severe “hole” in the Qualcomm Secure World virtual processor, now patched, has been disclosed by researchers. According to cybersecurity researchers from Check Point, the Secure World safe compartment — used to house sensitive data in our mobile devices — could be exploited to leak financial information. Read more on ZDNet.
Pangilinan raises anew risks of espionage, breach of data privacy on entry of China-owned telco
Mario Casayuran reports: Minority Senator Francis N. Pangilinan raised on Wednesday espionage and data privacy questions on the entry of third telecommunications company (telco), Dito Telecommunity Corporation, a consortium which includes a China-owned company, into the Philippine communications industry after it was a given a tentative agreement to install towers inside Philippine military camps. Read…
Analyzing Careless Users, An Often Overlooked Threat
Many have written about how to mitigate the risks posed by malicious insiders. But what about the vulnerabilities associated with Careless Users? What actions can healthcare organizations take to better prevent a breach caused by internal negligence? The Clearwater CyberIntelligence® Institute analyzed the Critical and High risks found in Clearwater’s IRM|Analysis™ database, specifically focusing on…
Enhancing the Security of Data Breach Notifications and Settlement Notices
Ryan Amos, Mihir Kshirsagar, Ed Felten, and Arvind Narayanan write: We couldn’t help noticing that the recent Yahoo and Equifax data breach settlement notifications look a lot like phishing emails. The notifications make it hard for users to distinguish real settlement notifications from scams. For example, they direct users to URLs on unfamiliar domains that are not clearly…
A leak report quietly disappears, leaving questions in its wake
On October 8, Jeremiah Fowler reported that he had discovered a non-password protected database that contained what appeared to be information regarding healthcare workers and traveling nurses. If you had read the report on Security Discovery at the time, you would have read that almost one million people were potentially affected. Based on that reporting,…