Carten Cordell reports: A series of four audits by the General Services Administration’s inspector general have found that the agency’s cloud computing system made personally identifiable information accessible to employees and contractors not authorized to have it. The audits, which were instituted after the OIG found multiple instances where sensitive information was accessible on GSA’s…
Category: Commentaries and Analyses
Investors Sue Yahoo Over Post-Hack Stock Plunge
I don’t think investors’ lawsuits related to data breaches have been a particularly winning strategy to date, but if any investors’ suit has a chance, this one might – or at least, should have a chance. Maria Dinzeo reports that those who invested in Yahoo! are suing the company: A proposed class of hundreds of thousands…
Google Removes Ransomware-Laden App From Play Store
Jai Vijayan reports: A ransomware sample that was recently discovered embedded in an Android application on Google Play Store suggests that threat actors may have found a dangerous new way to get extortion malware on mobile devices. The malware, dubbed Charger, is believed to be the first instance of ransomware being successfully uploaded to Google’s…
NYS audit finds Holland Patent Central School District not adequately protecting PPSI
Another audit from the NYS Comptroller is worthy of note here. This one audited the Holland Patent Central School District for access to their student information system (SIS). The District operates four schools with approximately 1,500 students and 300 employees. This audit covered the period of July 1, 2015 – July 31, 2016. According to the state, the…
Expert Hacks Internal DoD Network via Army Website
Eduard Kovacs reports: A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website. [….] Roughly 118 of the reports have been classified as unique and actionable, and participants have been awarded a total…
Stop calling all hacks with ransom demands “ransomware”
For the past year, I’ve been criticizing entities that describe their data leaks as “hacks” (cf, this article of mine on The Daily Dot or this post as examples). More recently, Zack Whittaker has also forcefully raised that issue on ZDNet. Whether other journalists will adapt their language and correctly report incidents as “leaks” instead of “hacks”…