Simon Isgar and Bernadette Pinto of Kennedys write, in part: The Saudi Aramco attack of 2012 has been described as the first ‘hackavist-style’ assault to use malware. The attack managed to destroy 30,000 computers within the Aramco network, which were believed by security researchers to have been infected with the Shamoon malware. The consequences faced by…
Category: Commentaries and Analyses
UK parliamentary watchdog bemoans inconsistent personal data breach reporting within government
The Public Accounts Committee (PAC) said (69-page / 542KB PDF) there are “major and unexplained variations in the extent to which individual departments report security breaches” at the moment, and urged the government to work with the UK’s data protection authority to develop new guidelines on the issue. “The Cabinet Office should consult with the Information…
Ca: Victim of arson spree questions ICBC’s handling of privacy breach
There’s a follow-up to a breach that I had described as one of the worst insider breaches at its time – because it put lives at serious risk and some victims were firebombed or shot at. Mi-Jung Lee and Kendra Mangione recently interviewed one of the victims, who continues to have concerns about the handling…
Password-stealing security hole discovered in many Netgear routers
Graham Cluley writes: A security researcher has described how he uncovered a severe security hole in dozens of different Netgear routers, meaning that “hundreds of thousands, if not over a million” devices could be at risk of having their admin passwords stolen by hackers. Simon Kenin, a researcher at Trustwave, has explained how sheer laziness on a…
GSA IT gaps leaked personal information, OIG says
Carten Cordell reports: A series of four audits by the General Services Administration’s inspector general have found that the agency’s cloud computing system made personally identifiable information accessible to employees and contractors not authorized to have it. The audits, which were instituted after the OIG found multiple instances where sensitive information was accessible on GSA’s…
Investors Sue Yahoo Over Post-Hack Stock Plunge
I don’t think investors’ lawsuits related to data breaches have been a particularly winning strategy to date, but if any investors’ suit has a chance, this one might – or at least, should have a chance. Maria Dinzeo reports that those who invested in Yahoo! are suing the company: A proposed class of hundreds of thousands…