Brian Krebs reports: It’s notable whenever cybercrime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs. Read more on KrebsOnSecurity.com.
Category: Commentaries and Analyses
Ca: Tax workers continue to peek at forbidden files: internal reports
Dean Beeby reports: Canada Revenue Agency workers continue to poke into the confidential tax files of friends and foes, despite assurances to Canada’s privacy commissioner that the chronic problem of unauthorized access is being fixed. The 34 significant privacy breaches reported by the CRA to the commissioner in 2014 show all but two were deliberately…
AU: Leaked documents: 31 ‘identified’ privacy breaches not too bad, says Department of Veterans Affairs
Ian McPhedran reports: The Department of Veterans Affairs (DVA) has played down the extent of privacy breaches under departmental document leaks. However the scandal has deepened with more than a dozen veterans and advocates coming forward with examples of serious breaches since News Corp Australia last week revealed that personal documents including medical reports and compensation…
Senator Sheldon Whitehouse Wants to Make the Computer Fraud and Abuse Act Even Easier to Abuse
If you’re a security researcher, you’ll definitely want to read this. Nadia Kayyali writes: This summer, Senator Sheldon Whitehouse introduced an amendment to the flawed Cyber Information Sharing Act (CISA) that would make it even worse, by expanding the broken Computer Fraud and Abuse Act (CFAA). EFF has proposed common sense changes to this federal anti-hacking law, many of which were included in “Aaron’s…
Does the FTC really assess compliance with consent orders? If so, how well?
Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the-art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…