RJ Marquez reports: Frost Bank is investigating a breach after the company discovered unauthorized access to digital images stored in those customers’ commercial image archives. The San Antonio based-bank issued a statement that said Frost detected the unauthorized access to a third-party lockbox software program earlier this week and immediately launched an investigation. The software…
Category: U.S.
DocuTrac medical software is a breach risk, warns Rapid7
Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…
Walmart jewelry partner exposed 1.3 million customer details
Bob Diachenko writes: On February 6th, 2018 researchers at Kromtech security came across another publicly accessible Amazon s3 bucket. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, ip addresses, and, most shockingly, plain text passwords, for shopping accounts of over…
MO: Olathe restaurant owner accused of identity theft
KSHB in Kansas City reports: An Olathe barbecue restaurant owner is facing accusations of credit card fraud. Mathew Sander is facing 19 different charges in three separate cases. Sander owns Smokin’ Joe’s BBQ. Read more on KSHB.
WA: Port of Longview hit with major cyberattack
This sounds serious. Zack Hale reports: The Port of Longview was recently victimized by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors. The FBI notified the port of the attack on Feb. 1, according to an internal memo obtained Monday by The Daily News. However, the…
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II
Courtney M. Bowman of Proskauer Rose writes: What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security,…