Eternal Blue exploited once again, despite patch

(Jun 28, 2017) Even though Microsoft has issued a patch for the vulnerability exploited by NSA hacking tool Eternal Blue, a global ransomware attack still managed to exploit it yesterday, affecting hundreds of government agencies and companies, The New York Times reports. The attack, believed to be the ransomware virus Petya, or a variant thereof, which is freely available on the dark web, infected Ukrainian institutions first, and affected firms that include DLA Piper, Merck, Russian oil company Rosneft, and Ge...

Ansip discusses efforts to boost cybersecurity in the EU

(Jun 27, 2017) Speaking at the annual Chatham House cyber conference, Vice President of the European Commission Andrus Ansip addressed a number of cybersecurity topics. Ansip discussed the growing number of cyberattacks affecting countries around the world, stating the European Union still lacks the operational capacity for a proper response. Ansip said reviewing the EU’s cybersecurity strategy as part of the plan to build a Digital Single Market will help in addressing the problem, while also noting efforts to...

Media focuses on backdoors, but UK hacks, too

(Jun 27, 2017) Motherboard reports on the U.K. using hacking techniques in order to read the encrypted messages of suspected terrorists. While the U.K. is still trying to obtain backdoors for encrypted messaging apps, U.K. security services use “equipment interference” to examine notable messages. The techniques can range from using a suspect’s username and password to log in to a computer to the “remote exploitation of a device.” These techniques can bypass end-to-end encryption by investigating the endpoints...

LabMD argues 'matter of principle' in FTC data-security appeal

(Jun 26, 2017) Last week, the U.S. Court of Appeals for the Eleventh Circuit heard arguments in the continuing saga of the LabMD, Inc. v. Federal Trade Commission case. LabMD argues the court should vacate the FTC's 2016 order that it implement a data security program for the next 20 years, among other requirements, on the basis that the FTC overstepped its authority in the case. The FTC says LabMD should have known its data-security obligations, and the language of the FTC Act supports the FTC’s order. In ar...

Australia wants access to encrypted messages

(Jun 26, 2017) When the Five Eyes nations have their upcoming meeting in Ottawa, two top Australian government officials said they will push for “thwarting the encryption of terrorist messaging,” Ars Technica reports. Australian Attorney General George Brandis and Member of the Australian House of Representatives Peter Dutton said in a statement Australia will ask for new laws and press for a new international data-sharing agreement between Australia, the U.S., the U.K., Canada and New Zealand. “As Australia’s ...

Tech companies allowing Russia to examine security products' source code

(Jun 23, 2017) Companies, such as Cisco, IBM and SAP, are allowing Russia to review the source code of their security products, Reuters reports. The requests are made by Russia’s Federal Security Service and are done before Russia will allow the products to be imported and sold in the country. The examinations are done to ensure foreign spy agencies have not installed “backdoors” that would allow them to infiltrate Russian systems. U.S. officials are concerned allowing Russia to look at the products’ source co...

Russian hackers trading members of parliament's login info online

(Jun 23, 2017) Russian hackers are trading the login details of thousands of MPs and public officials, IT Pro reports. According to an investigation by The Times, the stolen credentials came from previous data breaches, including the massive data breach involving LinkedIn. The compromised information included the login credentials for 7,000 police employees and 1,000 officials at the Foreign Office. The breached database included around one billion records and is available for purchase for only 2 GBP due to th...

Study: Data breaches cost Canadian companies $5.78M

(Jun 23, 2017) A report from IBM and the Ponemon Institute found an average data breach cost Canadian companies $5.78 million, IT World Canada reports. The study found the number was a 4 percent decrease from last year’s study. Canada’s average data breach cost was the second highest in the world, only behind the U.S. at $7.35 million. Overall, Canada was above the world average for data breach costs at $3.62 million. The study found Canadian companies containing a breach in less than 30 days were able to save...

Cyber Essentials protection scheme suffers data breach

(Jun 22, 2017) The U.K. government’s Cyber Essentials scheme suffered a data breach, the International Business Times reports. The breach was caused by a configuration error in the platform used for Cyber Essentials to conduct assessments. Cyber Essentials helps businesses “protect themselves against common cyber attacks,” and the compromised information included the email addresses and passwords of clients registered with the service. The breach notice sent out by Cyber Essentials states an “unknown person” h...

Former students sue school board for disclosing personal data

(Jun 22, 2017) Two former students in the Miami-Dade school district are suing the school board for posting their personal information online, the Miami Herald reports. A basic web search revealed the school had posted the Social Security numbers and test scores of the two students, as well as personal information of hundreds of others. "The carelessness with how the district manages students' private information needs to be addressed," lawyer Stephanie Langer said. The students, according to the report, are s...