Commentaries and Analyses – Page 591

Password-stealing security hole discovered in many Netgear routers

Posted on February 1, 2017 by Dissent

Graham Cluley writes: A security researcher has described how he uncovered a severe security hole in dozens of different Netgear routers, meaning that “hundreds of thousands, if not over a million” devices could be at risk of having their admin passwords stolen by hackers. Simon Kenin, a researcher at Trustwave, has explained how sheer laziness on a…

GSA IT gaps leaked personal information, OIG says

Posted on January 28, 2017 by Dissent

Carten Cordell reports: A series of four audits by the General Services Administration’s inspector general have found that the agency’s cloud computing system made personally identifiable information accessible to employees and contractors not authorized to have it. The audits, which were instituted after the OIG found multiple instances where sensitive information was accessible on GSA’s…

Investors Sue Yahoo Over Post-Hack Stock Plunge

Posted on January 27, 2017 by Dissent

I don’t think investors’ lawsuits related to data breaches have been a particularly winning strategy to date, but if any investors’ suit has a chance, this one might – or at least, should have a chance. Maria Dinzeo reports that those who invested in Yahoo! are suing the company: A proposed class of hundreds of thousands…

Google Removes Ransomware-Laden App From Play Store

Posted on January 25, 2017 by Dissent

Jai Vijayan reports: A ransomware sample that was recently discovered embedded in an Android application on Google Play Store suggests that threat actors may have found a dangerous new way to get extortion malware on mobile devices. The malware, dubbed Charger, is believed to be the first instance of ransomware being successfully uploaded to Google’s…

NYS audit finds Holland Patent Central School District not adequately protecting PPSI

Posted on January 23, 2017 by Dissent

Another audit from the NYS Comptroller is worthy of note here. This one audited the Holland Patent Central School District for access to their student information system (SIS). The District operates four schools with approximately 1,500 students and 300 employees. This audit covered the period of July 1, 2015 – July 31, 2016. According to the state, the…

Expert Hacks Internal DoD Network via Army Website

Posted on January 23, 2017 by Dissent

Eduard Kovacs reports: A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website. [….] Roughly 118 of the reports have been classified as unique and actionable, and participants have been awarded a total…