Betsy Hammond reports: Two separate audits found the Oregon Department of Education didn’t do enough to ensure that its huge cache of data on more than 600,000 students remains private. Hundreds of people in school districts and in state government have access to some or all of that data. That means keeping it safe is…
Category: Commentaries and Analyses
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016
From Recorded Future: Key Takeaways Adobe Flash Player provided six of the top 10 vulnerabilities used by exploit kits in 2016. Since our 2015 ranking, Flash Player’s popularity with cyber criminals remains after increased Adobe security issue mitigation efforts. Vulnerabilities in Microsoft’s Internet Explorer, Windows, and Silverlight rounded out the top 10 vulnerabilities used by…
Ca: Staff at Nunavut hospital need more training to ensure patients’ privacy protected
Elyse Skura reports: A lack of leadership at the Qikiqtani General Hospital may be putting patients’ personal information at risk, says Nunavut’s Information and Privacy Commissioner. A new privacy audit at the territory’s only hospital revealed that no one is in charge of ensuring staff follow privacy regulations, there’s no standard system to track who is…
Eir warns broadband customers of modem security breach
BreakingNews.ie reports: Eir is warning costumers that its modems have been comprised in a security breach. It is understood at least 2,000 have been breached by a computer virus. Costumers are being advised to reset their devices after a security vulnerability identified on a “limited number” of Zyxel D100 and Zyxel P-660HN-T1A broadband modems. Read…
e-Wallets: No prescribed security standards under Indian e-wallet laws puts your financial data at risk
Asheeta Regidi reports: The government is pushing very strongly for a cashless society. After the demonetisation move, several initiatives have been seen to further encourage going cashless. The latest of these is the Ministry of Urban Development’s direction for all Urban Local Bodies to shift to e-payments. While cashless transactions are a convenience and the…
Sadly, SQL injection attacks never go out of style – or effectiveness
“Kapustkiy,” a self-described teenager who has been using SQL injection attacks on a number of government sites, today dumped some data from the National Assembly of Ecuador. There were 655 email addresses and passwords in his public paste, although the list contained some duplicates. As he has done in the past, and as he informed this site…