Thursday, July 19, 2018

Researchers Can Earn Up to $100K via Microsoft Identity Bounty Program

Microsoft announced its Identity Bounty Program through which security researchers can earn up to $100,000 for an eligible submission. On 17 July, Microsoft Security Response Center (MSRC) unveiled the creation of a new bug bounty program to help it...

Four Healthcare IT Companies Warn PHO Put 800K Patients’ Data at Risk

Four healthcare IT companies warned that a primary health organization (PHO) put up to 800,000 patients’ medical data at risk. On 17 July, New Zealand and Australian healthcare companies HealthLink, Medtech Global, myPractice and Best Practice Software New Zealand...

U.S. Senators Ask FTC to Launch Privacy Investigation of Smart TVs

Two United States Senators asked the Federal Trade Commission (FTC) to investigate the privacy policies and practices of smart TV manufacturers. In mid-July, Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) submitted a letter to Joseph Simons, Chairman of...

12 Russian Intelligence Officers Accused of Hacking DNC During 2016 Election

The U.S. Justice Department has charged a dozen Russian intelligence officers with a series of hacking offenses against the Democratic National Committee (DNC). Deputy Attorney General Rod Rosenstein announced the indictments on Friday as part of the ongoing investigation...

Ukrainian Law Enforcement Thwart Digital Attack Against Chlorine Station

Ukrainian law enforcement personnel thwarted a digital attack that targeted equipment owned and operated by a chlorine station. According to Interfax, the Security Service of Ukraine (SBU) detected an attempt to attack the LLC Aulska chlorine station. Located in...

ICO to Fine Baby Club £140K for Illegally Sharing Data with Labour Party

The Information Commissioner’s Office (ICO) announced its decision to fine a baby club £140,000 for illegally sharing individuals’ personal data with the Labour Party. The United Kingdom’s data watchdog said it intends to impose the penalty as a result...

Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal

The Information Commissioner’s Office (ICO) announced its plan to fine Facebook £500,000 over the Cambridge Analytica data scandal. On 10 July, the ICO published a progress report on its investigation into the Cambridge Analytica incident. The report, entitled “Investigation...

Macy’s, Bloomingdales Alert Online Customers of Data Breach

Macy’s is notifying customers of a data breach involving unauthorized access to their payment card data and personal information. In a notice sent to affected customers, Macy’s said it first detected suspicious login activity from certain Macys.com accounts on...

Credential Stuffing List Containing 111 Million Records Found Online

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned...

Timehop Confirms Data Breach Affected 21 Million Users

Timehop confirmed that a data breach affected certain pieces of personal information belonging to 21 million of its users. According to a statement posted on its website, the service that distributes social media memories to its members detected a...

UK Financial Regulators Cracking Down on Banks’ IT Failures

Financial regulators have ordered British banks and other financial services firms to provide a detailed plan for responding to IT outages and cyber-attacks. The Bank of England (BoE) and the Financial Conduct Authority (FCA) published a joint discussion paper...

Wisconsin County Reveals Phishing Attack Most Likely to Blame for Data Breach

A county in Wisconsin revealed that a phishing attack was most likely to blame for a data breach of some service recipients’ personal information. On 22 June, Manitowoc County posted a statement about the incident to its website. County...

Irish Retailer Reveals It Was Affected by International Data Breach

An Irish retailer revealed that an international data breach might have exposed some of its customers’ personal information. On 4 July, Harvey Norman Ireland sent out a letter to customers informing them of the incident. Its correspondence didn’t disclose...

Facebook Bug Temporarily Unblocked Users from 800K Accounts

Facebook announced it is notifying more than 800,000 affected users after a bug temporarily reset certain account privacy settings. The social media giant said the bug allowed users who had been previously blocked on both Facebook and Messenger to...

Adidas Alerts Customers of Possible Data Security Incident

Multinational apparel design and manufacturing corporation Adidas alerted customers of an incident that possibly affected the security of their data. On 28 June, Adidas’ headquarters located in Herzogenaurach, Germany posted a statement about the incident to its website. The...

Okta Acquires Access Control Startup ScaleFT

Enterprise identity management firm Okta this week announced that it has acquired ScaleFT, a company that offers a Zero Trust access control platform.

Suing South Carolina Because Its Election Machines Are Insecure

A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a...

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.