Category: Commentaries and Analyses

More victims of yet another Click2Gov breach this week

Posted on by Dissent

Yet another report of a data breach involving Click2Gov software by Central Square Technology. Previous coverage of the publicly disclosed breaches from 2017, 2018, and 2019 are linked from here. Also see research reports by FireEye, Gemini Advisory, and RBS for additional background. The latest victim to come forward — at least the most recent…

Read more

It’s “completely ridiculous” that pentesters are still facing criminal charges in Iowa for doing what they were hired to do.

Posted on by Dissent

If Iowa doesn’t get its act together, businesses and government will have trouble getting security firms to analyze and test their security. Even after law enforcement was told that Justin Wynn and Gary DeMercurio were Coalfire employees just doing what Coalfire had been hired to do by the judicial branch, the men are still facing…

Read more

MESSAGETAP: Who’s Reading Your Text Messages?

Posted on by Dissent

Raymond Leong, Dan Perez, and Tyler Dean report: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network…

Read more

Tech Companies Seek India Govt’s Help For Solving Aadhaar-PF linking Issue of Employees

Posted on by Dissent

Aman Rawat reports that a breach I didn’t even know about last year has raised concerns about what tech companies are willing to do in terms of linking their employees’ provident fund (PF) account numbers to their Aadhaar identification number. PF accounts are compulsory, government-managed retirement savings accounts. So if the government requires employees’ Aadhaar…

Read more