Darren Pauli reports: Much of the impact of the Shell Shocked vulnerability is unknown and will surface in the coming months as researchers, admins and attackers (natch) find new avenues of exploitation. The vulnerability, coined Shell Shocked by researcher Robert Graham, existed in the Bash command interpreter up to version 4.3 and affected scores of servers,…
Category: Commentaries and Analyses
Operation Harkonnen Malware disguised as ‘harmless Adware’
Michael Shuff reports: Further details are emerging today of the methods used in the massive and long-lasting Operation Harkonnen cyber attack (‘Harkonnen Hack’) methodology that has allegedly exposed the data of 300 leading European organisations since 2003. The victims of the German gang thought to be responsible include banks, government organisations and major corporations, most…
Ca: Employer liability for privacy breaches by employees
Daniel Mayer writes: A class action was recently allowed to proceed in Ontario against a major bank after one of its employees admitted to accessing and disclosing to third parties confidential information of the bank’s customers. While this case is not a final decision as to whether the bank was actually liable for its employee’s…
Government itself tries to hack HealthCare.gov
Associated Press reports: The government’s own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability — but also came away with respect for some of the health insurance site’s security features. Those are among the conclusions of a report released today by the Health and Human Services…
CFPB Must Improve Financial Data Security: GAO
Mike Muckian reports: If you’re one of the 25 million to 75 million U.S. credit cardholders whose account information has been gathered by the CFPB, your financial data may not be as safe as it should be. The U.S. Governmental Accountability Office recently analyzed the bureau’s data security practices and was not pleased with the…
On the Front Lines: The FTC’s Role in Data Security
Keynote Address by FTC Commissioner Julie Brill on September 17 at the Center for Strategic and International Studies (CSIS) Workshop on Stepping Into the Fray: The Role of Independent Agencies in Cybersecurity. (pdf)