From TrustedSec: As many of you may have already been aware, a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occured and new information relating to this breach. The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability…
Category: Of Note
Comptroller DiNapoli: Schools Must Do More to Limit Access to Sensitive Student Databases
Yes, it’s as bad as I’ve been saying for years. Now if they will just audit the NYC Department of Education, too. Employees in six upstate New York school districts had inappropriate computer access to sensitive student data and were able to change student grades and attendance records without proper authorization, according to an audit released today…
IE: Dirty tricks at centre of credit union snooping
Niall O’Connor reports on a major case of social engineering: Sensitive personal data, including addresses and job details, was handed over by the Department of Social Protection after just one phone call from private investigators pretending to be State officials. The underhand tactics used to extract confidential information from a leading State agency is revealed…
Supervalu investigating potential data breach: WSJ
Ramkumar Iyer reports: U.S. supermarket chain Supervalu Inc is investigating a potential data breach that could have affected more than 1,000 of its stores, the Wall Street Journal reported on Thursday, citing people with knowledge of the matter. The data breach appears to have taken place in late June or early July and may be…
Military Companies Brace for Rules on Monitoring Hackers
Chris Strom reports: Companies that do business with the Defense Department are bracing for new U.S. rules requiring them to report computer breaches to the Pentagon and give the government access to their networks to analyze the attacks. Groups representing the contractors are raising concern about the Pentagon rooting around their data, and say smaller…
Security breach in NIC, critical data at risk
Salkat Datta reports: A major security breach of the National Informatics Centre (NIC), which runs all the emails of senior officials and websites of all central government departments, allowed hackers to issue several fraudulent digital certificates, raising global concerns about India’s net security practices. The NIC is one of the select few authorised entities allowed…