From PWC: We have been commissioned by the Department for Business, Innovation and Skills (BIS) to survey companies across the UK on cyber security incidents and emerging trends. This survey aimed to provide greater awareness amongst UK business of the risks, insights on how companies are mitigating those risks (or not) and key trends. The…
Category: Commentaries and Analyses
ALERT: NIST Issues Final Guidance on Federal Contractor Cybersecurity Standards for Controlled Unclassified Information
Alexander Major of Sheppard Mullin writes: On June 19, 2015, the National Institute of Standards and Technology (NIST) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems. The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to…
IRS employees can use ‘password’ as a password? No wonder we get hacked
Trevor Timm writes: The public is finally starting to learn what security experts have been warning for years: the US government has no idea what it’s doing when it comes to cybersecurity. Worse, the government’s main “solutions” may leave all our data even more vulnerable to privacy violations and security catastrophes. Read more on The Guardian.
Ca: Detour Gold data dump exposed over 1,300 employees’ details
Since April, DataBreaches.net has been reporting on the hack of a small Canadian gold-mining firm, Detour Gold. As noted in April, hackers who call themselves Angels_of_Truth claim to have hacked Detour Gold in revenge for Canada’s economic sanctions on Russia. Their statements have been written in both English and Russian. Following the first paste and…
Login creds for US agencies found scrawled on the web’s toilet walls
Alexander J. Martin reports: A threat intelligence report into the availability of login credentials for US government agencies has identified 47 agencies across 89 unique domains may be compromised. The findings resulted from an analysis of open source intelligence (OSint) from 17 paste sites, carried out between 4 November 2013 and 4 November 2014. Read…
Computer system that detected massive government data breach could itself be at ‘high risk,’ audit finds
Eric Yoder reports: The computer upgrade that federal officials tout as having detected — although not prevented — a massive breach of information on federal employees is itself at high risk of failure, according to a new internal audit. The independent inspector general’s office within the Office of Personnel Management is conducting a thorough review…