Washington Attorney General Bob Ferguson’s legislation strengthening the state’s data breach notification law passed the state Senate, 47 to 0. It passed the House of Representatives March 4, 97 to 0. The bill now heads to Governor Jay Inslee for his signature. The legislation strengthens Washington’s data breach notification law by: Eliminating the blanket exemption…
Category: Of Note
18-Year-Old Security Flaw Allows Hackers To Steal Credentials From All Versions Of Windows
Kate Vinton reports: In 1997, researcher Aaron Spangler discovered a bug in Internet Explorer that allowed an attacker to steal credentials using a protocol known as Windows Server Message Block (SMB). Eighteen years later, a researcher on the Cylance SPEAR research team testing a messaging app with that bug in mind discovered a much larger…
Debt Brokers Settle FTC Charges They Exposed Consumers’ Information Online
Two debt brokers have agreed to settle Federal Trade Commission charges that they exposed highly sensitive information about tens of thousands of consumers while trying to sell portfolios of consumer debt on a public website. The agreements with the FTC require the defendants to abide by strict new requirements to protect consumers’ sensitive information. In…
FireEye claims discovery of 10-year hack campaign by China
Aimee Chanthadavong reports: A decade-long cyber espionage operation focused on stealing sensitive information for the Chinese government is claimed to have been uncovered by security firm FireEye. The FireEye intelligence report (PDF), APT30 and the Mechanics of a Long-Running Cyber Espionage Operation, has revealed that the group, dubbed APT30, has been maintaining an advanced persistent threat…
Here’s a tip for some Crime Stoppers in Canada: you’ve been hacked (UPDATED)
April 14: See update and possible correction at the bottom of this post concerning the storage and encryption of tips. TeaMp0isoN claims that one of the sites they recently “audited” was the web site of Waterloo Crime Stoppers. In a zine about what they describe as a 0day SQLi attack, TeaMp0isoN writes that they found an unprotected…
The train wreck that was (is?) Pasco County School District’s IT security
I continue to look for details on the case of a 14-year old middle school student who is facing two felony counts for allegedly hacking into his district’s network (see previous coverage of the case on this blog here and here). In today’s installment of How Badly Can a District Screw Up InfoSecurity? Ashley Feinberg of…