category

data leakage

EU – data breaches to be reported within 24 hours

In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in

Zappos.com breach – lessons learned

We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to

Passwords, Stratfor, and Newton’s 3rd Law of Motion

Dazzlepod is saying … if your account name comes up, change your current password … why not assume that your account is compromised and go ahead and change it anyway and everywhere?

Stratfor hack – lessons learned

Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also,

2012 predictions: online data brokers come under fire

In 2011 we saw an increase concern about, and scrutiny of, what exactly social networking sites do with the data you input, both internally as well as what gets shared with third parties. But in 2012 some of that scrutiny will shift to those third parties as more people ask: What are they doing with

CarrierIQ, keylogging and mobile payment systems

Recently we see allegations that CarrierIQ is quietly collecting more information than Android users bargained for. In one case, Trevor Eckhart thinks he proved that they register users’ keystrokes without the users’ knowledge for reasons subject to ongoing speculation. We certainly had no trouble finding the CarrierIQ software on an HTC phone, where it possessed

October: Facebook Facepalm, Feeling Safe Online, and a Small Tsunami

ESET’s Threat Reports for September and October include some quality articles on Facebook, safety online, and backup strategy.

Another Massachusetts Health Services breach – at least they HAVE to report it

We see yet another breach hitting the headlines from a Massachusetts Healthcare Service provider, Spectrum Health Services. It seems during a break-in a hard drive was stolen, which contained names, addresses, phone numbers, dates of birth, Social Security numbers, diagnostic codes and medical insurance numbers. It is interesting because, unlike other states, Massachusetts law requires

U.S. Government – Security incidents up 650% over 5 years

Citing weaknesses in security controls at 24 major agencies, a new report by the U.S. Government Accountability Office (GAO) charts the stellar rise in incidents, and tries to highlight what went wrong. Just today my colleague Stephen Cobb also posted a government-related incident in the health care sector. The timeframe of the study, starting in

OnStar to still gather vehicle data after service expires

Unless you specifically cancel the 2-way communication aspect, the default setting will be to continue a communication link to OnStar once the subscription expires, raising the ire of customers who wonder what the company does with the data. OnStar says that data is anonymized, but customers fear data showing current vehicle location doesn’t seem very

Senate cybersecurity bill one step closer to law

This morning we recorded a podcast posing the question “can legislation solve cybercrime?” Well, The Senate Judiciary Committee seems eager to play a part, passing a measure yesterday attempting to thwart computer attacks. Measure S.1151 sets a national standard for data breach notification, replacing the various state initiatives already in place. It also makes concealing

Google+ fix cybercrime – use your real name?

Google+ seems to be continuing building steam and putting itself on the map as a contender, not merely an also-ran to the Facebook behemoth. Part of its strategy is to enforce the use of real names, not just the more common online pseudonym. The logic goes that this will reduce the likelihood that cybercriminals might

2.1 million users’ data breached in Massachusetts

Since 2010 that is, following a law enacted in 2007 that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Attorney General Martha Coakley’s office released the information, including a breakdown of the data. It seems her office received 1,166 data breach

Encryption, the Wonderdrug

One of the recurring themes of the past few years in the UK is data lost by the public sector on USB drives, CDs and so on.

Sony new Terms of Service – you can’t file a class action suit

Following the recent spree of data breaches at Sony, resulting in a bevy of class-action lawsuits, it has updated the Terms of Service to preclude future class action suits from being leveled. To be sure, Sony has had sleepless nights following the breaches, but they’d prefer not to deepen the stack of lawsuits if similar

WikiLeaks 2.0 – a new kid in town

Following the plight of the oft-storied WikiLeaks organization, we see a new variant to hit the streets soon, GlobaLeaks. Apparently WikiLeaks has garnered a bit of a following with the community, along with the attraction of a fair share of consternation from governments around the world. This new effort attempts to extend that further. Law

Where there’s smoke, there’s FireWire

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer

Android apps: slow data leak?

With the proliferation of the data we hold on our mobile devices, it’s no wonder Neil Daswani, CTO of Dasient, says around 8% of the apps they tested have been leaking data. In a similar vein, he states, “The number of malware samples on mobile devices has doubled in the past two years.” Google tends

Citigroup Hacked – Sometimes it is all About the Money

At least I don’t have to use the “S” word today! A New York Times story reports that Citigroup has disclosed that it had suffered a data breach that disclosed information about approximately 1% of its North American credit card holders. Based upon Citi’s annual report this would be about 210,000 affected customers. According to

Hacking Sony for Fun and Profit (And Let’s Nail Your Company Too)

It’s been a really rough time for Sony. I have a hunch that in the past month “Sony CTO” has leapt past toilet cleaner on the list of least desirable jobs. Last month there was the massive Sony PlayStation/Qriocity breach that leaked more data than a Wall Street ticker leaks stock prices. Then a Sony

Follow us

Copyright © 2016 ESET, All Rights Reserved.