Jai Vijayan reports: A ransomware sample that was recently discovered embedded in an Android application on Google Play Store suggests that threat actors may have found a dangerous new way to get extortion malware on mobile devices. The malware, dubbed Charger, is believed to be the first instance of ransomware being successfully uploaded to Google’s…
Category: Commentaries and Analyses
NYS audit finds Holland Patent Central School District not adequately protecting PPSI
Another audit from the NYS Comptroller is worthy of note here. This one audited the Holland Patent Central School District for access to their student information system (SIS). The District operates four schools with approximately 1,500 students and 300 employees. This audit covered the period of July 1, 2015 – July 31, 2016. According to the state, the…
Expert Hacks Internal DoD Network via Army Website
Eduard Kovacs reports: A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website. [….] Roughly 118 of the reports have been classified as unique and actionable, and participants have been awarded a total…
Stop calling all hacks with ransom demands “ransomware”
For the past year, I’ve been criticizing entities that describe their data leaks as “hacks” (cf, this article of mine on The Daily Dot or this post as examples). More recently, Zack Whittaker has also forcefully raised that issue on ZDNet. Whether other journalists will adapt their language and correctly report incidents as “leaks” instead of “hacks”…
Cyber extortion – legality of ransom payments and the approach of businesses and insurers
Sami Paracha of Taylor Wessing has an article on cyber-extortion and ransom demands from a UK perspective. It makes for interesting reading. The article begins: Cyber Security is an omnipresent risk for most businesses. And it is a growing risk given the more frequent and serious cyber attacks, higher costs for proactively managing these risks…
2016: Healthcare data breaches in review, Part 2
This is the second part of a look-back at 2016 and a commentary on why we need to analyze breaches differently if we really want to become more proactive in preventing them. Part 1 of this article can be found here). To recap Part 1: although headlines tend to scream “HACK!” (and irritatingly show us stock images of…