This goes to the point I was making the other day about the risk of hackback when your attribution can be all wrong: an editorial by Financial Times begins: In the sordid world of cyber war, there is no such thing as professional courtesy. That was the finding of a report this week, which said…
Category: Commentaries and Analyses
White House kicks infosec team to curb in IT office shakeup
Sean Gallagher reports: An internal White House memo published today by Axios reveals that recent changes to the information operations and security organizations there have left the security team in tumult, with many members headed for the door. And the chief of the White House’s computer network defense branch—who wrote the memo after submitting his…
OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System
Note: coverage of the breaches referenced below can be found on this stie by searching it for “Jackson Health System.” The following is a press release from the U.S. Department of Health Office for Civil RIghts: The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has imposed a civil…
NordVPN, TorGuard and VikingVPN disclose security breaches
João Silva writes: NordVPN, one of the most well-known VPN provider, had confirmed a security breach in early 2018. At fault, there’s the data centre provider from Finland, where the server was hosted. The data centre provider used an insecure remote management system that NordVPN was “unaware” of. Although NordVPN seems to be playing down the occurrence,…
UK: Ex-Met detective loses court battle over payout for data breach
Diane Taylor reports: A former Metropolitan police detective who successfully sued the force for wrongly using its powers to investigate her has lost her eight-year court battle to hold the police to account. Andrea Brown said after a new ruling against her she might become homeless paying the police’s costs. “It can’t be right that the police…
Hackers Breach Avast Antivirus Network Through Insecure VPN Profile
Ionut Ilascu reports: Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account….