James Temperton and Matt Burgess report: The front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed. The law firm at the centre of the Panama Papers hack has shown an “astonishing” disregard for security, according to one expert. Amongst other lapses, Mossack Fonseca has failed to update its Outlook Web Access login…
Category: Commentaries and Analyses
Don’t let embarrassment about a data breach cost you even more
There’s an interesting commentary by Evan Schuman on Computerworld today. Nobody likes to be embarrassed. That goes for company executives. This fact of human nature helps explain why the breach-disclosure laws that have been adopted by many states can be leveraged by data thieves for even more profit than they could realize before. Evan notes…
FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years
Lorenzo Franceschi-Bicchierai reports: The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard. The alert, which is also available…
FBI: we don’t advise entities to pay ransom demands
While I was at the recent PHI Protection Network conference, I had an opportunity to speak with Ben Stone, Supervisory Special Agent in the FBI’s Pennsylvania Cyber Squad. One of the questions I put to him was why the FBI had been advising companies to pay ransomware demands. Special Agent Stone told me that that wasn’t…
UK cops tell suspect to hand over crypto keys in US hacking case
J. M. Porup reports: At a court hearing earlier this month, the UK’s National Crime Authority (NCA) demanded that Lauri Love, a British computer scientist who allegedly broke into US government networks and caused “millions of dollars in damage,” decrypt his laptop and other devices impounded by the NCA in 2013, leading some experts to warn that a…
BakerHostetler Data Security Incident Response Report
BakerHostetler has released its second annual data security incident response report, which is based on 300 cases they advised on last year. The report provides some statistics on causes of incidents, which industries were most affected, and what happens after a security incident is detected – from containment, to notification, to regulatory investigations and even lawsuits. A…