See an important update after the original post. From the no-one-could-have-possibly-foreseen-kids-figuring-out-default-password-conventions dept., Andrew Colton reports: The Palm Beach County School District is in the midst of a massive computer security crisis that draws into question the authenticity of every assignment completed by every student since “distance learning” began, after BocaNewsNow.com learned that an elementary school student…
Category: Of Note
Criminal forum trading stolen data suffers ironic data breach
John E. Dunn reports: Someone on the dark web is touting for sale an unusual database a lot of people might pay handsomely to get their hands on. Another rich cache full of sensitive company data, or perhaps something stolen from a military power? In fact, according to the security company that verified its authenticity, Cyble,…
Maze Team under the spotlight
Maze has seemingly done such a good job getting media attention that we’re also seeing more analyses of their methods. This week, check out this report from FireEye: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents and this report from Sophos: Maze ransomware: extorting victims for 1 year and counting In…
Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack, According to Sophos
One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom….
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
Managed Service Providers Face Threats From Hackers and Clients
James Rundle reports: With wide-ranging client bases and trusted access to their computer systems, managed service providers are attractive targets for hackers seeking to ransom data or steal information. But they also face threats from their clients, who may have had patchy security in place for years. It only took a few months for Clear…