Steve Bellovin explains: Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this, it’s not going to help. If your OS is secure, you don’t need the crypto; if it’s not, the crypto won’t protect your data. In a case…
Category: Of Note
Health insurance giant Anthem Blue Cross and Blue Shield discloses breach that could affect tens of millions of customers and employees (Update2)
Following the disclosure by Community Health Systems in an SEC filing that they suspected Chinese hackers were responsible for the theft of 4.5 million patients’ information, the FBI sent out a “Flash” warning to alert the the healthcare sector that it was being targeted by hackers. It was the second warning they had issued in a period of a few months. In…
Report Claims Russians Hacked Sony
From the how-many-people-were-in-there dept., Mathew J. Schwartz reports: Russian hackers, using spear-phishing attacks, successfully breached the network of Sony Pictures Entertainment in November 2014, and continue to have on-demand access to Sony’s network, according to a new report from cybersecurity firm Taia Global. But it’s not clear if those hackers unleashed the malware attack and data…
The FTC’s requested budget: implications for data security enforcement cases?
I was never good with budgets, but damned if I can figure out FTC’s budget request to Congress for Fiscal 2016. Is it seeking funds to expand the number of data security enforcement cases it undertakes or is the budget based on simply maintaining the current level(s)? So when @FTC didn’t respond to my tweeted inquiry,…
FBI put Anonymous ‘hacktivist’ Jeremy Hammond on terrorism watchlist
Ed Pilkington reports: The prominent Anonymous “hacktivist” Jeremy Hammond, who participated in some of the hacking collective’s most audacious cyber acts, was placed by the FBI on a terrorism watchlist, the Daily Dot reported on Monday. The internet news website obtained a leaked document from the New York state division of criminal justice services that shows Hammond…
U. of Chicago still compromised, data for sale on underground – researchers (updated)
On January 24, this blog reported that Carbonic had claimed to have hacked the University of Chicago. The U. of Chicago never responded to a notification and inquiry this blog sent via e-mail on January 22nd. Yesterday, SLC Security reported that the university is still leaking information and is still vulnerable: During a recent receive (sic)…