Dustin Volz reports: The U.S. Office of Personnel Management (OPM) did not follow rudimentary cyber security recommendations that could have mitigated or even prevented major attacks that compromised sensitive data belonging to more than 22 million people, a congressional investigation being released on Wednesday has found. Two breaches at the federal agency detected in 2014…
Category: Commentaries and Analyses
Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops
It’s nice to read reports where the good guys screw the bad guys… Darren Pauli reports: HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it. The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents…
As databases from old hacks appear, they also go up for sale
The free market system might appear to be alive and well on the dark web. As sites like LeakedSource add newly leaked databases from hacks in 2012-2015, we are also likely to find those databases up for sale on dark web marketplaces. For current examples, see the listings for the Dropbox database and BitcoinTalk forum database:…
Southwest Portland Dental notifies patients of Patterson Dental breach
There’s a somewhat interesting follow-up to a situation DataBreaches.net first reported in February. Back then, DataBreaches.net had reported that 22,000 patients from several health care providers had their PHI exposed on an FTP server that Patterson Dental used to provide support documentation for its Eaglesoft software. That report was based on information and screenshots provided by a researcher….
Dutch privacy regulator receives 3,400 data breach reports
Telecompaper reports: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) has received 3,400 reports of data leaks since new rules on reporting such incidents took effect 01 January. AP vice chairman Wilbert Thomesen told BNR that this was not considered a high amount, given the around 135,000 businesses and organisations handling personal data that…
LabMD files for stay of FTC order
As expected, LabMD is seeking a stay of the FTC’s order while they appeal the Commission’s final order to a federal court. As I was reading their application, one particular footnote caught my eye, as it relates to the purpose of the raid on Tiversa that this site reported back in March. 3 The FBI raided Tiversa headquarters in Pittsburgh, Pennsylvania,…