Integrating people, technology & policy
Cisco has patched two serious vulnerabilities – one critical and one high-severity – in its email security appliance tool. Both bugs ultimately lead to a denial of service (DoS) on impacted devices – and can be exploited by an attacker who simply sends an email
A list of employee names, work phone numbers and job titles available to government employees through the Victorian Government directory was reportedly accessed by an unauthorized third party. According to the Australian Broadcasting Corporation (ABC), information on approximately 30,000 Victorian public servants was stolen in a data breach, after an unknown party downloaded a portion of the directory
The Pennsylvania Supreme Court recently decided that employers have a duty to take reasonable steps to protect sensitive employee data from cyberattacks. The case began after employees at the University of Pittsburgh Medical Center (“UPMC”) learned that fraudsters accessed and stole their names, social security numbers, addresses, tax forms, and bank information. Employees sued UPMC for failing to take reasonable steps to secure their data
Signet Jewelers, the company that owns Jared and Kay Jewelers, has fixed a massive data breach that allowed anyone to view the order information of other customers, including a home address and the last four digits of a purchaser’s credit card, according to a Monday
Information belonging to more than 66 million individuals was discovered in an unprotected database, within reach of anyone who knew where to look on the web. The records look like scraped data from LinkedIn profiles.
Training users to recognize phishing is a best practice, an important “tool in the toolbox” as an IT manager once told me, and definitely something I agree with among a list of steps to improve one’s security posture. But I’ve heard anecdotes recently about IT managers prioritizing training above investing in better automated security, and have begun to wonder if training firms and many security providers who now offer it have been a bit too successful in their marketing, effectively convincing many that the job of protection should be shifted to the end user
Hanley, of Tamworth, Staffordshire, admitted supplying an article for use in fraud, obtaining and supplying articles for use in a Computer Misuse Act 1990 offence, and causing a computer to perform a function with intent to secure unauthorised access to a program or data
FIFA, the international governing body of soccer, was hacked for a second time earlier this year, the organization has acknowledged. While full details of the hack and its consequences have not yet been released, some information has begun to emerge.
One known: how the hack took place. A phishing campaign succeeded in convincing Union of European Football Associations (UEFA) staff and officials to give up their network credentials, allowing the attackers to access confidential information
The county announced Oct. 6 the computers were exposed to the virus, which targets users through sophisticated email ruses. It prompted officials to inform 4,768 customers who used public computers since Sept. 17 to monitor their personal information for fraudulent activity.