Category: breaches

Auto Added by WPeMatico

Former Uber CISO Appealing His Conviction

Posted on By infossl
breaches, data breaches, ftc, regulation, Security technology, uber, Uncategorized

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have … Read More “Former Uber CISO Appealing His Conviction” »

How Attorneys Are Harming Cybersecurity Incident Response

Posted on By infossl
academic papers, breaches, cybersecurity, incident response, insurance, Security technology, Uncategorized

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders … Read More “How Attorneys Are Harming Cybersecurity Incident Response” »

SolarWinds Detected Six Months Earlier

Posted on By infossl
breaches, hacking, intrusion detection, Security technology, Uncategorized, vulnerabilities

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020­—but the scale and … Read More “SolarWinds Detected Six Months Earlier” »

SolarWinds and Market Incentives

Posted on By infossl
breaches, data breaches, economics of security, essays, Security technology, Uncategorized

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to … Read More “SolarWinds and Market Incentives” »

LastPass Breach

Posted on By infossl
breaches, cloud computing, data breaches, Password Safe, passwords, Security technology, Uncategorized

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which … Read More “LastPass Breach” »

Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security

Posted on By infossl
breaches, cia, leaks, reports, Security technology, wikileaks

The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have … Read More “Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security” »

Bank Card “Master Key” Stolen

Posted on By infossl
banking, breaches, dataprotection, keys, pins, Security technology, theft

South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to … Read More “Bank Card “Master Key” Stolen” »