Isaac Avilucea reports: An internal probe into potential grade tampering at Torrington High School revealed a significant security breach where at least five school district employees had clearance to alter grades who shouldn’t have had that permission. Those administrative rights, Board of Education Chairman Ken Traub said, have been revoked while the school district looks…
NZAF apologises for email privacy error
The New Zealand AIDS Foundation has apologised after it accidentally shared members’ email addresses in its Christmas e-cards. “The New Zealand AIDS Foundation (NZAF) genuinely regrets that we made a human error when sending out our Christmas e-cards and mistakenly disclosed our member’s email addresses by failing to BCC all the recipients,” Executive Director Shaun…
Hackers break into Washington Post servers
Craig Timberg reports: Hackers broke into The Washington Post’s servers and gained access to employee user names and passwords, marking at least the third intrusion over the past three years, company officials said Wednesday. The extent of the loss of company data was not immediately clear, although officials planned to ask all employees to change their user…
Sources: Target Investigating Data Breach (update 1)
Brian Krebs has the scoop on what sounds like another major data breach – again: Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 —…
New Android Malware Disguises Itself as a Settings App, Steals SMS Messages
Vinay Pidathala, Hitesh Dharmdasani, Jinjian Zhai and Zheng Bu write: FireEye has uncovered and helped weaken one of the largest advanced mobile botnets to date. The botnet, which we are dubbing “MisoSMS,” has been used in at least 64 spyware campaigns, stealing text messages and emailing them to cybercriminals in China. MisoSMS infects Android systems…
There are lessons to be learned from the Maricopa County Community Colleges breach. Learn them, dammit.
I generally do not write “lessons learned from [X breach] ” posts, because I seriously doubt people have really learned anything. Instead of headlines like “Lessons learned from…,” what we should be writing is, “If you don’t learn from this, then you’re an idiot and should never be allowed near consumers’ personal information.” In any…