Dawn Kawamoto reports: An attack on a single IV infusion pump or digital smart pen can be leveraged to a widespread breach that exposes patient records, according to a Spirent SecurityLabs researcher. Saurabh Harit, managing consultant with Spirent, will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat…
Category: Commentaries and Analyses
Poor incident response? Bad PR, Monday edition
If you can’t prevent a breach, can’t you at least fake genuine concern? You know, the “At <blahblahblah>, we take your privacy and security very seriously” bit? Mark Flamme reports on a Key Bank breach where the bank’s response to notification of a problem is at least as problematic as the breach itself. After a…
Security researcher released; had been jailed 8 months while awaiting trial on charges of cyberstalking an FBI agent
After almost eight months in pre-trial detention on charges of cyberstalking a Dallas FBI agent, Texas dental integrator and independent security researcher Justin Shafer got to go home tonight after a federal judge agreed with Shafer’s lawyer who appealed the revocation of Shafer’s pre-trial release. Shafer had been jailed since earlier this year on charges…
EU Data Protection Authorities Establish Task Force to Collaborate on Uber Data Breach
Hunton & Williams writes: On November 29, 2017, the EU’s Article 29 Working Party (”Working Party”) announced the establishment of a task force to coordinate the plethora of national investigations throughout the EU into Uber’s 2016 data breach that affected approximately 57 million users worldwide. The task force is being led by the data protection…
More than two years after compromise, Combat Brands was still battling malware?
First, there was this: On January 25, 2017, Combat Brands began investigating some unusual activity reported by its credit card processor. Combat Brands immediately began to work with third-party forensic experts to investigate these reports and to identify any signs of compromise on its systems. On February 23, 2017, Combat Brands discovered that it was…
Massive Malaysian telco data breach might be an inside job
A. Azim Idris reports: Investigators in Malaysia have suggested the massive personal data leak of 46 million mobile phone accounts was linked to a subcontractor of the Southeast Asian country’s very own Internet regulators. On Monday, Inspector-General of Police Mohamad Fuzi Harun said investigators were tracking down the owner of an e-mail account which could…