Micaela McMurrough, Ashden Fein and Catlin Meade write: On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State…
Category: Commentaries and Analyses
Trump’s campaign mute about data security #fail?
It may not be on the level of failing to adequately secure State Department communications, but it seems Donald Trump’s organization could use a refresher course on data security. And when it finishes that, it might want to tackle a course on transparency. On Sunday night, DataBreaches.net received an email from MacKeeper Security Research Center lead researcher Chris Vickery….
A single ransomware network has pulled in $121 million
Maria Korolov reports: A single ransomware author and distributor was able to collect $121 million in ransomware payments during the first half of this year, netting $94 million after expenses, according to a report released today. […] Total ransomware increased by 128 percent during the first half of 2016 compared to the same period last year. There…
FTC pushes back against LabMD application for stay
The FTC has uploaded complaint counsel’s opposition to LabMD’s application for a stay of the final order in FTC v. LabMD. Did they really write that with a straight face? It was difficult to read it without alternately laughing, spluttering, or fuming. Consider the opening paragraph of complaint counsel’s opposition (I’m interspersing my reactions): Respondent has…
It’s 10 pm somewhere. Do you know where your old databases are?
An old database that seems to have magically reappeared online more than a decade after it was removed reminds us of an often-overlooked risk. In January, DataBreaches.net reported that a behavior intervention therapist’s database was exposed online due to a misconfigured MongoDB installation. What struck me about the incident was that the therapist likely had no idea that a company she had…
Incident response shouldn’t include threatening the media, Saturday edition
As I commented to someone recently, a security incident involving Appalachian Regional Hospital facilities in Beckley and Summers County struck me as a really serious one because it was impacting patient care. While ARH responded promptly and initiated its emergency operations plan after detecting that its system was infected, it seemed clear that shifting to an…