The NYS Comptroller’s Office released a number of IT audit reports for k-12 public school districts this month. Their findings will come as no surprise to regular readers of this site. Belleville-Henderson Central School District: You can read the complete report here (pdf), although the state omitted sensitive details from the public report that it…
Category: Commentaries and Analyses
Phorpiex botnet made $115,000 in five months just from mass-spamming sextortion emails
Catalin Cimpanu reports: Researchers at cyber-security firm Check Point say they’ve tracked one of the sources of the recent rise in sextortion emails to a good ol’ friend — the Phorpiex spam botnet, also known as Trik. Check Point says that since April, they’ve seen the botnet send out multiple spam campaigns with a “sextortion” lure —…
Equifax data breach FAQ: What happened, who was affected, what was the impact?
We spent a good amount of time in the cybersecurity forum today talking about the Equifax breach. Here’s a summary of some of their key failures, reported by Josh Fruhlinger and based on A U.S. General Accounting Office’s report, and an in-depth analysis from Bloomberg Businessweek. Here are just two of the findings, as reported by Fruhlinger:…
Mum ‘realises any fingerprint can unlock her Samsung’ with eBay screen protector
Shivali Best reports: A mum in West Yorkshire says she was shocked to discover any fingerprint could unlock her Samsung smartphone after she’d fitted a £2.70 screen protector . Lisa Neilson, 34, from Castleford, bought the cover from eBay in the hopes of protecting her Galaxy S10 smartphone. However, once she’d set up her right and left thumb prints to unlock the smartphone,…
ANNOUNCE: Trying to build your resume as an ethical researcher and whitehat? Now there’s some help for you.
I won’t have much time to update news over the next few days while I am in Washington DC for the Privacy and Security Forum, but I just couldn’t wait until I got back to share what I hope is encouraging news for some of you. I know that there are a number of young…
When Test Data is Not Test Data
Jeremiah Fowler of Security Discovery tackles a common problem researchers and journalists experience all too frequently: There is a growing trend among organizations and companies to simply deny that live production data is real. As a security researcher I often hear that everyone is a small start-up and all data is test data, or it…