From a GAO report 17-440T released today: What GAO Found GAO has consistently identified shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve…
Category: Commentaries and Analyses
Open Databases a Juicy Extortion Target (and a Sitting Duck for Malicious Destruction)
I’ve reported on this concern before, but Tom Spring has a nice write-up on ThreatPost that begins: Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from…
Third-party incidents continue to put patient ePHI at risk: Protenus
Protenus, Inc. has released its Breach Barometer for January. As they report, 2017 is starting out where 2016 left off: we are seeing an average of one breach per day involving health data. Protenus’s report, based on 31 incidents, reported that there were 388,307 breached records for the 26 incidents for which they had numbers. The single largest…
FBI Search Warrant That Fueled Massive Government Hacking Was Unconstitutional, EFF Tells Court
Boston—An FBI search warrant used to hack into thousands of computers around the world was unconstitutional, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case about a controversial criminal investigation that resulted in the largest known government hacking campaign in domestic law enforcement history. The Constitution requires law enforcement officers seeking a search warrant…
Hackers Using RDP Attacks to Install CRYSIS Ransomware
How many times do folks need to be told to disable Remote Desktop Protocol (RDP) if it’s not necessary and in use? As Ionut Arghire reports,here’s another reason if you still haven’t addressed the risks to your security. CRYSIS, a ransomware family that emerged last year, is being distributed via Remote Desktop Protocol (RDP) brute…
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam….
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam, but just haven’t managed to get around to it yet, consider this report yesterday from Wapack Labs about what they’re seeing in marketplaces on the darkweb: Wapack Labs has identified an actor in the Tor-based markets – we have labeled…