A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the … Read More “Ransomware Gang Files SEC Complaint” »
Category: data breaches
Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, with withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have … Read More “Former Uber CISO Appealing His Conviction” »
The stalkerware company LetMeSpy has been hacked: TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete … Read More “Stalkerware Vendor Hacked” »
In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the board. The lessons are many, but I want to … Read More “SolarWinds and Market Incentives” »
Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which … Read More “LastPass Breach” »
I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, … Read More “The Conviction of Uber’s Chief Security Officer” »
After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.) This is a welcome change. The problem is one of incentives, and Australia has now increased the … Read More “Australia Increases Fines for Massive Data Breaches” »
It’s big: The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. “They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs … Read More “Massive Data Breach at Uber” »
This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users … Read More “Syniverse Hack” »
Robert Chesney wrote up the SolarWinds story as a case study, and it’s a really good summary.