Security News for the Week Ending January 24, 2020
Breaches Gone Wild – Very Wild
Since the EU’s GDPR went into effect on May 25, 2018 – about 18 months ago – 160,000 breaches have been reported to EU authorities. A calculator will tell you that means that people are reporting between 250 and 300 security incidents A DAY!
If you think that magically, 18 months ago, the number of breaches that were occurring skyrocketed – well that is not likely. At least one of the data protection authorities says that there is over-reporting, but that two thirds of the reports are legitimate.
So far companies have PAID about $125 million in fines and the largest single fine was about $55 million. Expect many more fines in the future since the authorities have not processed most of those 160,000 reports. Source: ZDNet
Hacker Posts 500,000 Userid/Password Combinations
A hacker who is changing his business model posted the userids, passwords and IP addresses of 515,000 servers, routers and IoT devices on the Internet. The hacker had used the compromised devices to attack other computers in Distributed Denial of Service attacks.
But he has decided to change his business model and instead use powerful servers in data centers to attack his victims, so he didn’t need all of these devices any more.
What is not clear is why he published the list. He certainly could have sold it. Maybe he thought that if the list became public, people would change their passwords from the default or easy-to-guess ones that they were using. Source: ZDNet
New York State Wants to Ban Government Agencies From Paying Ransoms
Two NY Senators, a Republican and a Democrat, have each introduced bills that would outlaw using taxpayer money to pay ransoms. One of the bills includes language to create a fund to help local municipalities improve their security. Given the number of attacks on government networks, this would cause some tension. A city that pays a ransom could be operational again in a few days, whereas a city that doesn’t pay and doesn’t have good backups could take months to recover. Stay tuned. Source: ZDNet
U.N. Report: Bezos Hacked By Saudi Prince MBS
Some people are questioning the report by U.N. experts that Amazon and Washington Post CEO Jeff Bezos’s phone was hacked by Saudi Crown Prince Mohammed bin Salman. The report says that the hacking can be tied directly to a WhatsApp message sent from MBS’s phone. Given other things MBS is accused of doing, this is certainly possible. While the Saudis, not surprisingly, called the report absurd, others are calling for an investigation. Source: The Register