Having spent years interviewing hackers who described themselves as hacktivists or as hacking for the lulz, talking to hackers who engage in criminal hacking as a source of income has been…. educating, to say the least. But it’s also been a reminder that too many businesses really have no clue what they’re doing – not only in…
FTC pushes back against LabMD application for stay
The FTC has uploaded complaint counsel’s opposition to LabMD’s application for a stay of the final order in FTC v. LabMD. Did they really write that with a straight face? It was difficult to read it without alternately laughing, spluttering, or fuming. Consider the opening paragraph of complaint counsel’s opposition (I’m interspersing my reactions): Respondent has…
VoIPtalk admits to possible data breach
Charlie Osborne reports: VoIPtalk has warned users of a potential data breach but insists the alert is only a “precautionary measure.” This week, the voice-over-IP (VoIP) provider emailed customers a security notice, later posted to VoIPtalk forums, which informed users of a “potential security incident” involving user accounts. VoIPtalk says that user VoIP and SIP passwords may…
OR: Portland financial firms warns 20,000 clients after laptop stolen from employee’s car
Matthew Kish reports: One of Oregon’s largest financial firms has warned clients of a possible data breach. Portland-based M Holdings Securities Inc., a subsidiary of M Financial Holdings Inc., has informed California’s attorney general of a stolen laptop with client information, including social security numbers. The theft occurred July 29 in Salem. […] O’Connor said the laptop…
Law Firms Are “One-Stop Shopping” for Hackers, as Hickey Law Firm Found Out
Randy Evans and Shari Klevens write: This year has shown that law firms are not immune from infiltration by international hackers. This spring, a Russian hacker targeted 48 top law firms, seeking to obtain confidential insider information regarding mergers and acquisitions that would be very valuable and could impact global markets. […] These are not…
It’s 10 pm somewhere. Do you know where your old databases are?
An old database that seems to have magically reappeared online more than a decade after it was removed reminds us of an often-overlooked risk. In January, DataBreaches.net reported that a behavior intervention therapist’s database was exposed online due to a misconfigured MongoDB installation. What struck me about the incident was that the therapist likely had no idea that a company she had…