Meant to post this one yesterday, but got sidetracked. It’s a great reminder of how if you try to make things more user-friendly, you may also significantly compromise security – and in this case a LOT of government files that should be secured better. Aliya Sternstein reports: The U.S. government recently lassoed together a bunch of intelligence…
Category: U.S.
Feds Never Charged the Real Hacker in the Matthew Keys Case
Kim Zetter reports: Former Reuters social media editor Matthew Keys is facing up to 25 years in prison after his conviction last month on conspiracy charges related to a 2010 hack of the Los Angeles Times web site. Although Keys didn’t actually conduct the hack, prosecutors aggressively pursued him anyway. Now it turns out that authorities have known…
JPMorgan Among Victims of Vast Criminal Hacking Enterprise
Greg Farrell and Patricia Hurtado report: JPMorgan Chase & Co. was among the targets of the biggest theft of customer data from U.S. financial institutions in history, prosecutors said in announcing charges against four men accused of running online schemes including stock manipulation and casino gambling that generated hundreds of millions of dollars. The new allegations…
A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions
David Fagan, Ashden Fein and David Bender write: As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754). If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities. CISA must…
Comcast resets nearly 200,000 passwords after customer list goes on sale
Steve Ragan reports: Over the weekend, a reader (@flanvel) directed Salted Hash to a post on a Dark Web marketplace selling a number of questionable, if not outright illegal goods. The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords. As proof, the seller offered a brief list of 112…
Excellus hack: why so long to detect it, members ask
Steve Orr has a follow-up on the Excellus BlueCross BlueShield data breach that was disclosed in September, but the scant details still available will doubtless continue to frustrate those who want to know how the breach occurred and why it took almost 20 months for Excellus to detect it. And the available facts serve as…