From a newly released GAO report: Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from software coding errors or the actions of careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, terrorists, disgruntled employees or other organizational insiders, among others. These concerns…
Category: Commentaries and Analyses
FL: Audit finds Tampa put city workers at risk of ID theft
Christopher O’Donnell reports: The city broke federal law and put some workers at risk of identity theft by including their Social Security numbers on child support and other garnishment checks, a city audit found. The audit of the city’s Accounts Payable department showed Social Security numbers were printed on payment checks sent to banks, creditors…
#ParisAttacks — Anonymous declares War on Daesh: ‘We will Hunt you Down!’
Swati Khandelwal reports: Following the bloody terror attacks in Paris where over 130 people were killed, the hacktivist collective Anonymous has declared total war against the Islamic State (IS, formerly ISIS/ISIL). Anonymous released a video message, posted in French, on YouTube Sunday announcing the beginning of #OpParis, a coordinated campaign to hunt down ISIS’s social media channels and every single…
Medical data, staff creds exposed as scores of apps bork the backend
Darren Pauli reports: And still we fail to learn: a quintet of researchers has found that the bad practice of writing keys into code persists among some of the world’s most popular Android and iOS applications. The researchers say the hard-coded credentials can be easily extracted to gain access and manipulate millions of sensitive individual…
BitLocker encryption can be defeated with trivial Windows authentication bypass
Lucian Constantin reports: Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the…
Common Market in Maine notifies customers of payment card breach
I’m not sure that posting a breach notification on a Facebook page is sufficient when you also have a web site where you could post the announcement. Assuming everyone is on Facebook is risky. Case in point: Common Market in Union, Maine, posted this on their Facebook page on October 30. ATTENTION COMMON MARKET CUSTOMERS…