Incident Response, Learnings

Anthem to Pay a Record $115M to Settle U.S. Lawsuits over Data Breach

Anthem to Pay a Record $115M to Settle U.S. Lawsuits over Data Breach

Anthem Inc. has agreed to settle litigation over hacking in 2015 that compromised about 79 million people's personal information for $115 million, which lawyers said would be the largest settlement ever for a data breach. The deal, announced Friday by lawyers for people whose information was compromised, must still be approved by U.S. District Judge Lucy Koh in San Jose, California, who is...

Ex-CIA Officer Arrested for Selling Top Secret Files to Chinese Operatives

Ex-CIA Officer Arrested for Selling Top Secret Files to Chinese Operatives

A former CIA agent was arrested and arraigned in court on accusations of selling top secret documents to Chinese intelligence officers disguised as members of a Chinese think tank. According to a criminal complaint, the former CIA agent Kevin Patrick Mallory was approached in February 2017 by a recruiter for a Chinese think tank named the Shanghai Academy of Social Sciences (SASS), which...

What Lessons You Need to Learn from Cyber Attacks

What Lessons You Need to Learn from Cyber Attacks

Any breach or cyber compromise has the potential to result in substantial reputational and financial consequences. Effective cyber defense requires barriers that deter cybercriminals alongside effective risk intelligence. Above all else, it is crucial for businesses to focus on what they can control. Businesses need to prioritize cybersecurity and make sure it is a C-Suite issue that is taken...

University of Oklahoma: U.S Department of Education Inspects the Security Breach

University of Oklahoma: U.S Department of Education Inspects the Security Breach

The U.S. Department of Education will become involved with OU regarding the recent security breach, which released thousands of students' personal information. The breach, which violated federal law, resulted in the release of student information, including student financial information. “The U.S. Department of Education takes allegations of privacy and data security violations very seriously,"...

Elite Hacker SWAT Team of Google vs. Everyone

Elite Hacker SWAT Team of Google vs. Everyone

Too many organizations either don’t prioritize security or view it as an impediment to meeting product development and delivery deadlines. To Tavis Ormandy and the dozen or so ace computer crackers that make up Google’s Project Zero, there are no boundaries to their jurisdiction—anything that touches the Internet is fair game. Policing cyberspace isn’t just good for humanity. It’s good...

Skype Brought Back Online after 3-Day Outage Caused by DDoS Attack

Skype Brought Back Online after 3-Day Outage Caused by DDoS Attack

Skype went down on June 19 in Europe and in several parts of the United States. The whole outage lasted nearly 3 full days, and for some reason, Microsoft hasn’t provided any kind of information as to what caused the issues and why it took so long for the company to address it. Microsoft explained in an update posted on June 21 at 18:00 GMT that “the issue has been fully resolved,” after...

800K Virgin Media Users Advised to Change Passwords over Hacking Risk

800K Virgin Media Users Advised to Change Passwords over Hacking Risk

Virgin Media is advising 800,000 of its customers to change their router passwords over the fear that attackers could easily hack their devices. On 23 June 2017, consumer choice advocacy organization Which? published the results of an investigation it conducted to analyze the security of connected devices in the home. It set up wireless cameras, a smart padlock, a Bluetooth-enabled children’s...

Canada: Hackers Release More Data from Cowboys Casino Hack

Canada: Hackers Release More Data from Cowboys Casino Hack

Hackers have released more data from the Cowboys Casino hack of last year, this time with more sensitive information. The second data dump appeared on a torrent site and on the website pastebin.com on Thursday. “Cowboys Casino has still not taken the matter of their customers/employees security seriously, so we are releasing our 2nd data dump to the public,” reads the message. It claims the...

  • More at Metro
  • |
  • |
WSU Sends Warning to 1M People after Hard Drive with Personal Info is Stolen

WSU Sends Warning to 1M People after Hard Drive with Personal Info is Stolen

When thieves broke into an Olympia storage locker in April and hauled away an 85-pound locked safe, they set in motion a series of events that forced Washington State University to send letters to 1 million people advising them their data might have been compromised. The safe contained a computer hard drive — a backup containing personal information, including Social Security numbers, that was...

After a Data Breach, What Not to Do

After a Data Breach, What Not to Do

1) Do Not Improvise: In the event of an attack, your first instinct will tell you to begin the process of rectifying the situation. Unfortunately, if you hadn't previously developed a strategy, then whatever hasty decisions you make after an attack could worsen the situation; 2) Do Not Go Silent: Once you've been attacked, it's comforting to think that no one outside of your inner circle knows...

When Your Data Is Held Hostage: What to Do?

When Your Data Is Held Hostage: What to Do?

Ransomware like WannaCry is on the rise. These attacks involve hackers holding your digital files hostage and demanding payment for you to get them back. It poses a dilemma that no one hopes to face. Should you pay up if you fall victim to a ransomware attack? According to a recent global survey, more than one-third of victims choose to pay the ransom. And unfortunately, it’s why an increasing...

Two Men Apprehended for Hacking Microsoft

Two Men Apprehended for Hacking Microsoft

British police announced on 22 June, that they arrested two suspects part of an international group that hacked into Microsoft's network. The two suspects are a 22-year-old man from Lincolnshire and a 25-year-old man from Bracknell. The South East Regional Organised Crime Unit (SEROCU) arrested the two on 22 June morning, searched their homes for evidence, and seized a number of devices. The...

Deep Root: What Can Be Learned from the GOP’s Data Leak?

Deep Root: What Can Be Learned from the GOP’s Data Leak?

The headlines scream of how the Republicans’ data analytic contractor, Deep Root Analytics, had stored 25 terabytes (TB) of data in the cloud, of which 1.1TB (personal identifying information of American voters) were available for harvesting by anyone who found the links. The age of big data is upon us and we may be well beyond the tipping point of individual data privacy. Deep Root used Amazon...

 Back to Basic Best Practices to Thwart Attacks

Back to Basic Best Practices to Thwart Attacks

By discussing ransomware (and malware) attacks before they happen, organizations will be more prepared if or when an incident occurs. The vulnerability targeted by WannaCry, known as MS17-010, had been patched and made universally available several weeks before the ransomware was released. But many organizations didn’t implement it in time. By looking back at WannaCry, we can see that a simple...

What Does It Take to Be a Security Incident Responder

What Does It Take to Be a Security Incident Responder

The demand for cyber security incident responders remains high. Driving the demand is not only the increase in cybercriminal activity, but the fact that more organizations are realizing the need and are rushing to fill out—or start in many cases—their cyber defense teams. Among the desirable skills are a good grasp of 1) Basic security principles such as confidentiality, authentication,...

  • More at CSO
  • |
  • |
The 'Orange Is the New Black' Leak Began with a Computer Running Windows 7

The 'Orange Is the New Black' Leak Began with a Computer Running Windows 7

The hack that led to the April leak of unreleased episodes of "Orange Is the New Black" happened because an audio post-production business called Larson Studios had a computer on its network still running Windows 7. The hack was carried out in December by a person - or persons - called The Dark Overlord, who stole "dozens of titles from major studios such as Netflix, ABC, CBS, and Disney,"...