We spent a good amount of time in the cybersecurity forum today talking about the Equifax breach. Here’s a summary of some of their key failures, reported by Josh Fruhlinger and based on A U.S. General Accounting Office’s report, and an in-depth analysis from Bloomberg Businessweek. Here are just two of the findings, as reported by Fruhlinger:…
Category: Of Note
ANNOUNCE: Trying to build your resume as an ethical researcher and whitehat? Now there’s some help for you.
I won’t have much time to update news over the next few days while I am in Washington DC for the Privacy and Security Forum, but I just couldn’t wait until I got back to share what I hope is encouraging news for some of you. I know that there are a number of young…
UK: Patient’s private answerphone message became Devon hospital’s voicemail
Okay, this is a bit different as far as breaches go. Anita Merritt reports: A Devon hospital has apologised after a caller’s voicemail, containing personal patient details, became the hospital’s answerphone message for more than seven hours. During that time the caller was inundated with calls from patients giving details about their health problems believing…
DHS cyber unit wants to subpoena ISPs to identify vulnerable systems
Zack Whittaker reports: Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure Security Agency (CISA), founded just less than a year ago, wants the…
Hackers breach Volusion and start collecting card details from thousands of sites
Catalin Cimpanu reports: Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion…
Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys
Yes, I know law enforcement always publicly advises against hacking back, but sometimes you just want to cheer when hacking back thwarts the bad guys. Lawrence Abrams reports: A victim of the Muhstik Ransomware has hacked back against his attackers and released close to 3,000 decryption keys for victims along with a free decryptor to…