Lily Hay Newman reports: John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security. But in…
Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen
Betsy Swan reports: A facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers. In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list…
Ex-Mossad chief says Likud app leaks as dangerous to Israel as coronavirus
The Times of Israel reports: A former head of the Mossad spy agency sounded the alarm Wednesday about an app operated by Prime Minister Benjamin Netanyahu’s Likud party ahead of next week’s elections, warning that using it was “a real security threat” and likening the level of danger it poses to that of the deadly…
FTC Releases 2019 Privacy and Data Security Update
The Federal Trade Commission today released its annual privacy and security update for 2019, highlighting a record year for enforcement actions aimed at protecting consumer privacy and data security. For example, the Commission levied a $5 billion penalty—the largest consumer privacy penalty ever—against Facebook for violating its 2012 FTC privacy order and imposed new restrictions on the…
DoppelPaymer Ransomware Launches Site to Post Victim’s Data
First Maze Team did it. Now DoppelPaymer threat actors have followed suit. Lawrence Abrams reports: The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted. Read more on BleepingComputer.
Update: How many users were affected by the DISA breach?
Andrew Eversden has an update on a breach previously noted on this site: A breach of a system hosted by the Defense Information Systems Agency, the Department of Defense’s primary IT support agency, affected “approximately 200,000” users after a malicious actor may have gained access to names and Social Security numbers, according to a Pentagon…