Brad D. Williams reports: Critical infrastructure operators have long faced the formidable security challenges of zero-day vulnerabilities and advanced persistent threats (APTs), both of which were employed in some of the most prominent cyberattacks in the sectors to date. But one researcher is warning leaders in government and industry of an old threat that, fueled…
Category: Commentaries and Analyses
Health data breaches in 2017: The terrible, horrible, no good, very bad year? Join us for a webinar!
By now, you’ve probably read at least a few reports on mid-year figures for breaches that suggest that 2017 is worse than 2016. In collaboration with Protenus, Inc., DataBreaches.net has worked up some mid-year figures for U.S. breaches involving health/medical data. Join me and Robert Lord of Protenus on Wednesday, August 2 at 1 pm,…
Ransomware victims have paid out more than $25 million, Google study finds
Russell Brandom reports: Ransomware victims have paid more than $25 million in ransoms over the last two years, according to a study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. By following those payments through the blockchain and comparing them against known samples, researchers were able…
Google Groups misconfiguration leads to sensitive data leaks
Zeljka Zorz reports: If your employees are using Google Groups to discuss issues and ideas, you might want to check whether the sharing setting for these groups is set to “Private”. According to RedLock researchers, many companies fail to do so, most probably by accident, and end up exposing messages containing sensitive information on the…
Microsoft opens up a new front in the battle against Fancy Bear
John E. Dunn reports: Can anyone – or anything – take on well-resourced nation state hacking groups? Protected by anonymity and plausible deniability, conventional wisdom says not, but conventional wisdom ignores a company like Microsoft wielding a secret weapon with the power to hinder even the cleverest hacking group: lawyers. This, it has emerged, is…
Stick with Security: FTC to Provide Additional Insights on Reasonable Data Security Practices
From the Federal Trade Commission: As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses. These…