Alexander Major of Sheppard Mullin writes: On June 19, 2015, the National Institute of Standards and Technology (NIST) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems. The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to…
Category: Commentaries and Analyses
IRS employees can use ‘password’ as a password? No wonder we get hacked
Trevor Timm writes: The public is finally starting to learn what security experts have been warning for years: the US government has no idea what it’s doing when it comes to cybersecurity. Worse, the government’s main “solutions” may leave all our data even more vulnerable to privacy violations and security catastrophes. Read more on The Guardian.
Ca: Detour Gold data dump exposed over 1,300 employees’ details
Since April, DataBreaches.net has been reporting on the hack of a small Canadian gold-mining firm, Detour Gold. As noted in April, hackers who call themselves Angels_of_Truth claim to have hacked Detour Gold in revenge for Canada’s economic sanctions on Russia. Their statements have been written in both English and Russian. Following the first paste and…
Login creds for US agencies found scrawled on the web’s toilet walls
Alexander J. Martin reports: A threat intelligence report into the availability of login credentials for US government agencies has identified 47 agencies across 89 unique domains may be compromised. The findings resulted from an analysis of open source intelligence (OSint) from 17 paste sites, carried out between 4 November 2013 and 4 November 2014. Read…
Computer system that detected massive government data breach could itself be at ‘high risk,’ audit finds
Eric Yoder reports: The computer upgrade that federal officials tout as having detected — although not prevented — a massive breach of information on federal employees is itself at high risk of failure, according to a new internal audit. The independent inspector general’s office within the Office of Personnel Management is conducting a thorough review…
Data stolen with pita bread-size decoder
iFreePress reports: Just when you thought it was safe to eat at the neighborhood deli, a group of Israeli researchers has announced they’ve figured out how to pull the encryption keys stored on some computers by using items which can be hidden inside pita bread. An update was released at the beginning of the year…