The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most damaging data breaches in history. The vulnerability was first disclosed in March 2017 and is believed to have affected (and is still affecting) hundreds of … Continue Reading
We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading
We hear daily about another payment card breach at a retail store, restaurant chain or hotel line. The response to a payment card breach differs from company to company. I get a lot of questions about payment card breaches and why some companies provide credit monitoring and others don’t, why some companies provide individual notification … Continue Reading
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading
West Virginia University Medicine University Healthcare (WVUM) has confirmed that it is sending notification letters to over 7,400 of its patients seen at Berkeley Medical Center as a result of an unauthorized access to their information. It further confirmed that 113 of its patients have become the victims of identity theft as a result of … Continue Reading
A recent IBM study shows that ransomware increased 6,000 percent in 2016 over 2015. According to the report, ransomware was present in almost 40 percent of all spam email messages. Ransomware is big business, since according to IBM Research, over 70 percent of business victims of ransomware pay the ransom for the key to get … Continue Reading
Although every year we lament about the significance of data breaches in the past year, 2016 was by far the worst. Data breaches were rampant, victimizing every industry and numbing consumers in the process. It was so bad that consumers began to throw up their hands and say “My personal information is out there anyway. … Continue Reading
2016 has been a banner year for ransomware cybercriminals. We have seen a dramatic rise in the use of ransomware, and businesses continue to become victims to ransomware, primarily through phishing and spear phishing schemes. The cybercriminals are getting so brazen, that when they attack a business with ransomware, they actually provide instructions on how … Continue Reading
We previously reported that 21st Century Oncology suffered a data breach in October 2015 involving an intrusion into its systems which compromised around 2 million patients’ records, including their names, Social Security numbers, physicians’ names, insurance information, treatment information and diagnoses [view related posts here and here]. As a result of the data breach, sixteen … Continue Reading
The Federal Bureau of Investigation (FBI) issued a private industry alert on August 18, 2016, to State Boards of Election to alert them of hackings into Board of Election websites. According to the FBI, it “received information of an additional IP address, 5.149.249.172, which was detected in the July 2016, compromise of a state’s Board of … Continue Reading
Last week, the White House issued a new directive that outlines how the government handles significant cyber incidents, which gives the public information on which agency to call in the event of a cyber incident. We often get asked, “Who do we call—the FBI, Secret Service, DOJ, etc.?” The directive outlines what incidents are considered … Continue Reading
When I train clients’ employees on data privacy and security, I always mention the microphone on smartphones. They are powerful and if you allow apps access to your microphone, they can listen to every one of your conversations [see related privacy tip]. Do you want every one of your conversations to be accessible by someone … Continue Reading
After the terrorist attack in Orlando, Florida, early this month, the Electronic Communications Privacy Act (ECPA) has been discussed quite a bit. The ECPA, a law which took effect in 1986, limits the government’s access to electronic communications and other information. Due to the advancement in technology over the past 30 years, Congress finds itself … Continue Reading
USB drives and phone chargers are expensive. Hackers know that. One way hackers are gaining access to get into computers to steal data is by planting USB drives and phone chargers in public areas, hoping someone will pick it up and take it to work or home. I find that people are unaware of this … Continue Reading
A recent Government Accountability Office report outlined vehicle cybersecurity concerns, outlining that hackers can penetrate the technology of vehicles in both long range and short range attacks, including targeting Bluetooth controls. These car hackings allow the hackers to access steering, brakes, telematics and critical controls of cars. Just to put the threat in context, it … Continue Reading
The Federal Aviation Administration (FAA) announced this week that it will be expanding its research on how to detect ‘rogue’ drones near airports. The FAA will join forces with other government agencies and academic partners to experiment with new drone detection technology at JFK Airport in New York. FAA Senior Advisor on drone integration, Mark Gibson, … Continue Reading
Last week, the U.S. Department of Justice (DOJ) issued a notice of proposed rulemaking in the Federal Register moving to exempt the FBI’s biometrics database from the notice and consent provisions of the Privacy Act of 1974 (Privacy Act). The Privacy Act governs the collection, maintenance, use and dissemination of personally identifiable information (PII) that … Continue Reading
We have consistently reported about increased phishing attacks through emails that purport to come from high level executives, including CEOs. According to the FBI, the hackers use sophisticated social engineering to spoof company emails to “assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use … Continue Reading
We have frequently alerted individuals and companies about the increasing risk and success posed by sophisticated phishing schemes. It has become such a real and grave problem that the U.S. Computer Emergency Readiness Team of the Department of Homeland Security (US-CERT) has teamed up with the Canadian Cyber Incident Response Centre to issue a joint … Continue Reading
New additions to the FBI’s Cyber’s Most Wanted List show “the line between ordinary criminal hackers and potential national security threats is increasingly blurry,” according to Assistant Attorney General for National Security John Carlin. The FBI is offering a $100,000 award for information leading to the arrest of two Syrian nationals, suspected of committing dozens … Continue Reading
The FBI and DOJ continue their effort to bring cyber hackers to justice. Last week, Chinese national Su Bin pled guilty to stealing data related to Boeing’s C-17 military cargo plane and of trying to steal information related to U.S. F-22 and F-35 fighter jets. Bin was indicted, along with other co-conspirators, in August 2014 … Continue Reading
We previously reported [view related post] that 21st Century Oncology had suffered a data breach and notified 2.2 million patients that it had been the victim of a hacking that exposed the names, Social Security numbers, physicians’ names, diagnosis information, and insurance information of its patients. Although the intrusion occurred in October 2015, 21st Century … Continue Reading
On March 21, 2016, the FBI and the U.S. National Highway Traffic Safety Administration issued a public safety announcement outlining the dangers of cars getting hacked. The announcement follows the media reporting about two security researchers being able to hack into vehicles and being able to remotely control them. It explains that since new vehicles … Continue Reading
The FBI has issued a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting “international law firm information used to facilitate business ventures.” According to the FBI “[T]he scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information….This information, gained prior … Continue Reading
