Dina Bass of Bloomberg reports: Last year, Microsoft Corp.’s Azure security team detected suspicious activity in the cloud computing usage of a large retailer: One of the company’s administrators, who usually logs on from New York, was trying to gain entry from Romania. And no, the admin wasn’t on vacation. A hacker had broken in….
Category: Commentaries and Analyses
Chinese hackers, APT10, may have struck Keidanren system in 2016
Tatsuya Sudo reports: A Chinese group that has been accused by the U.S. government in a series of cybertheft cases around the world is now suspected in the 2016 hacking of the computer system used by Keidanren (Japan Business Federation). Keidanren officials announced in November 2016 that 23 computers used in the federation’s system had…
Directors and Officers Settle Over Yahoo Hack: A New Chapter in Derivative Litigation?
Craig A. Newman of Patterson Belknap writes: Yesterday, a Superior Court judge in Santa Clara, California approved what is believed to be the first monetary award to a company in a data breach-related derivative lawsuit. Until now, such breach-related derivative cases have settled through a combination of governance changes and modest awards of attorney’s fees. But…
EPIC Seeks to Intervene in Human Rights Case on Government Hacking
From the folks at EPIC.org: EPIC is requesting to intervenein a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdomasks whether remote hacking of devices and the use of malware by UK…
A Nasty Trick: From Credential Theft Malware to Business Disruption
Kimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer write: FireEye is tracking a set of financially-motivated activity referred to as TEMP.MixMaster that involves the interactive deployment of Ryuk ransomware following TrickBot malware infections. These operations have been active since at least December 2017, with a notable uptick in the latter half of 2018, and have…
SingHealth breach review recommends remedies that should already be basic security policies
Eileen Yu reports: A culmination of bad system management and undertrained IT staff, amongst other gaps, had resulted in Singapore’s most severe cybersecurity breach last July, according to the committee formed to review the events leading up to the SingHealth incident. […] The 454-page report published today outlined 16 recommendations the committee said were made…