Just as Chris Vickery has tried to focus attention that there are still tens of thousands of misconfigured databases exposing PII and other information that should be protected because port 27017 is open, now TeamGhostShell is also calling attention to the problem – plus other open ports and issues. In his disclosure on a paste site,…
Category: Commentaries and Analyses
Eighth Circuit Finds That Insurance Coverage Extends To Fraudulent Losses Caused By Computer Hacker
Bethany Rupert of King & Spaulding provides additional coverage of an appellate ruling I had previously noted on this site: On May 20, 2016, the U.S. Court of Appeals for the Eighth Circuit affirmed breach-of-contract claims brought by Minnesota-based State Bank of Bellingham (“Bellingham Bank”) against BancInsure Inc. (“BancInsure”), an insurance company that refused to provide…
Major insurer does not have to cover restaurant chain’s data breach
Lyle Adriano reports that some of P.F. Chang’s breach-related costs are not covered by its insurance: A federal court ruled that Chubb Ltd. does not have to reimburse P.F. Chang’s for costs the restaurant chain charged by its credit card processor under its cyber policy. […] The Federal Court ultimately concluded that on several counts…
The huge Dropbox password leak that wasn’t
Graham Cluley reports: …as Brian Krebs reports, recent claims from identity theft protection firms that Dropbox has suffered a massive password breach appear to be erroneous. Troy Hunt – who knows a thing or two about verifying and responsibly disclosing data breaches – also chimed in, decrying that some had jumped to the conclusion that a serious…
Fed records show dozens of cybersecurity breaches
Jason Lange and Dustin Volz reports: The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage,” according to Fed records. The central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role…
Extortion E-mail Schemes Tied to Recent High-Profile Data Breaches
A public service announcement from the FBI (Alert Number I-060116-PSA): The Internet Crime Complaint Center (IC3) continues to receive reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details,…