Roy Strom writes: Chieftains of corporate America have long feared the financial and reputational fallout from a hacking breach. But a class action suit unveiled against a law firm last week could add to their data security anxiety. The suit claims that companies and law firms should be held accountable for lax security measures even if their…
Category: Commentaries and Analyses
PwC sends ‘cease and desist’ letters to researchers who found critical flaw
Zack Whittaker reports: A security research firm has released details of a “critical” flaw in a security tool, despite being threatened with legal threats. Munich-based ESNC published a security advisory last week detailing how a remotely exploitable bug in a security tool, developed by auditing and tax giant PwC, could allow an attacker to gain unauthorized access…
Netgear working to fix flaw that left thousands of devices open to attack
Steve Ragan reports: A remotely exploitable vulnerability in the Nighthawk line of Netgear routers was disclosed on Friday. The flaw leaves customers exposed to having their connections hijacked, as someone exploiting the vulnerability can take complete control of the device. Despite having months to address the problem, Netgear has yet to publish a fix. Read…
Oregon Department of Education risked breach of private student data, audits find
Betsy Hammond reports: Two separate audits found the Oregon Department of Education didn’t do enough to ensure that its huge cache of data on more than 600,000 students remains private. Hundreds of people in school districts and in state government have access to some or all of that data. That means keeping it safe is…
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016
From Recorded Future: Key Takeaways Adobe Flash Player provided six of the top 10 vulnerabilities used by exploit kits in 2016. Since our 2015 ranking, Flash Player’s popularity with cyber criminals remains after increased Adobe security issue mitigation efforts. Vulnerabilities in Microsoft’s Internet Explorer, Windows, and Silverlight rounded out the top 10 vulnerabilities used by…
Ca: Staff at Nunavut hospital need more training to ensure patients’ privacy protected
Elyse Skura reports: A lack of leadership at the Qikiqtani General Hospital may be putting patients’ personal information at risk, says Nunavut’s Information and Privacy Commissioner. A new privacy audit at the territory’s only hospital revealed that no one is in charge of ensuring staff follow privacy regulations, there’s no standard system to track who is…