People often ask me how come the hackers seem to be winning in spite of the seeming endless spend on cybersecurity, security training and law enforcement. Let me give you a couple of recent news items and see if you can figure it out. These are just a few of the hundreds and hundreds of […]
Continue reading → [DISPLAY_ACURAX_ICONS]In an example of dozens of known breaches and likely thousands of similar situations which never get reported, security researcher Jeremiah Fowler discovered a non-password protected, unsecured (sort of redundant) database containing 38.6 million records belonging to legal support services company Rapid Legal. The information left exposed included court documents, service agreements and payment information […]
Continue reading → [DISPLAY_ACURAX_ICONS]CNN published an explosive expose on how Airbnb fails to protect guests from hidden cameras. In a lawsuit brought by a victim whose vacation turned into a nightmare, a women was secretly recorded undressing at an Airbnb property, her images were stored on a computer belonging to an (alleged) sexual predator. The predator is accused […]
Continue reading → [DISPLAY_ACURAX_ICONS]NYC’s Gotham Restaurant Forced to Close After Cyber Scam Hopefully they will be able to re-open, but for businesses, the law is much less forgiving. The ritzy Greenwich Village restaurant fell for a business email compromise attack that had it send its payroll money to what they thought was their payroll service’s “new” bank account. […]
Continue reading → [DISPLAY_ACURAX_ICONS]I don’t even know where to go with this other than to say, unfortunately, I am not surprised. Likely not patching a known bug is probably not illegal, as is not disclosing it. Roll back almost a decade, in 2016, whistleblower and security expert Andrew Harris was working for Microsoft. He was investigating a breach […]
Continue reading → [DISPLAY_ACURAX_ICONS]CISA’s SECURE SOFTWARE DEVELOPMENT ATTESTATION FORM rule comes into effect next week. It requires that companies that produce software and sell it to the government adhere to key security practices. It also requires that those developers attest to their practices. In writing. Signed by an executive of the company. It applies to companies that do […]
Continue reading → [DISPLAY_ACURAX_ICONS]