Tom Spring reports: Christmas came early for Facebook bug bounty hunter Tommy DeVoss who was paid $5,000 this week for discovering a security vulnerability that allowed him to view the private email addresses of any Facebook user. “The hack allowed me to harvest as many email addresses as I wanted from anybody on Facebook,” DeVoss…
Category: Commentaries and Analyses
NY financial regulator to delay cyber security rules
Suzanne Barlynne reports: New York’s financial regulator will delay an anticipated Jan. 1 deadline for banks and insurers doing business in the state to comply with controversial cyber security rules, a person familiar with the matter said. The regulator, the New York State Department of Financial Services, will publish a revamped version of its cyber…
What Can Be Learned From 2016 Security Incidents?
Craig Hoffman raises some valid points about lessons that can be learned following a security incident. Here are just a few of his points: Acknowledging that trust but verify is important (e.g., if someone says a network is segmented, check the ACLs and firewall rules to confirm this). Knowing that you can have great security…
Black market medical record prices drop to under $10, criminals switch to ransomware
Maria Korolov reports: The black market value of stolen medical records dropped dramatically this year, and criminals shifted their efforts from stealing data to spreading ransomware, according to a report released this morning. Hackers are now offering stolen records at between $1.50 and $10 each, said Anthony James, CMO at San Mateo, Calif.-based security…
Fairbanks Hospital notifies patients after discovering employees could have been inappropriately accessing patient records for years (UPDATED)
Fairbanks Hospital in Indianapolis is notifying an undisclosed number of patients that employees could have been accessing protected health information of patients since at least November 2013 (and possibly earlier). The information that was accessed included current and former patients’ social security numbers, contact information, diagnosis, treatment and health insurance. In a notification dated December 16, the hospital…
1,000 UK government laptops, computers and data sticks missing since election
The Irish Examiner reports: At least 1,000 government laptops, computers and data sticks have been reported lost or stolen since the general election, according to official figures. Equipment went missing from the Ministry of Defence (MoD) at an average rate of more than one a day, according to records obtained under Freedom of Information (FoI)…