Lee Mathews writes: We’ve seen some pretty dastardly ransomware pop up over the past couple of years. Popcorn Time decrypts your files for free if you pass the infection on to your friends. Jigsaw deletes some of your files every hour until you pay up. The Koolova ransomware put a whole new spin on things. Like Popcorn…
Category: Commentaries and Analyses
Ransomware Has Evolved, And Its Name Is Doxware
Chris Ensey writes that as entities try to defend themselves better against ransomware, criminals have come up with a new twist to make it more likely for their victims to pay up: Many companies have figured out that they can avoid paying these ransoms by wiping a system clean, restoring it with backup drives, and…
Changing other people’s flight bookings is too easy
Lucian Constantin reports: The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book tickets for themselves, according to a team of researchers who analyzed this online ecosystem. Karsten…
Topps’ payment card breach was just its latest data security incident
A number of sites have now reported on Topps’ recent disclosure that on October 12, it became aware of unauthorized access to payment card information for customers using the topps.com website between July 30 and October 12. A copy of the sports card and memorabilia giant’s notification can be found on several state regulators’ sites but not, it seems…
The Netherlands: almost 5500 data breaches notified in 2016
Richard van Schaik and Róbin de Wit write: The Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) revealed that almost 5500 data breaches have been notified since the legislation on mandatory data breach notification duties entered into force on 1 January 2016. Pursuant to this legislation, it is mandatory for all types of data controllers…
GRIZZLY STEPPE – Russian Malicious Cyber Activity
Joint Analysis Report. Reference Number: JAR-16-20296. December 29, 2016. Summary: This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence…