Breaches & Exposures News, Articles and Updates

Avoiding the trap of data breach fatigue using identity analytics

Todd Peterson warns that if we are told the intruder is already inside, then identity and access management can minimise impact as identity analytics provides insight into potential risk before anything bad can happen.

ICYMI: Coup messages, Pokemon threat, gaming breach, SAP HANA bug, ransomware fight

The latest In Case You Missed It (ICYMI) looks at WhatsApp leaked; Pokemon a threat?; gaming breach; SAP HANA remote control; Fight against ransomware

SC Roundtable sponsored by Venafi: how to respond to a breach - successfully

Industry leaders gathered this week in the City of London's Sky Garden to discuss that most pressing of issues: How to respond to a breach - successfully.

FBI warning on 'destructive' attack that wipes all data

FBI alert follows Sony Pictures hack for which North Korea refuses to deny involvement.

Visa confirms another payment processor breach

Another payment processor has fallen victim to hackers, Visa confirmed on Monday.

Poorly implemented Citrix poses security risk

Organisational security could be at risk if Citrix is not implemented carefully, according to tests carried out by Global Secure Systems (GSS).

Removable devices pose new security risk

Government departments 'must beef up the security of removable devices such as USB memory sticks and removable hard drives' to avoid data breaches.

Steganography harnesses VoIP networks

Steganography is an established technique to hide secret data inside normal data transmissions, but new techniques are being developed to hide packets inside routine VoIP traffic, and escape detection

Indian Government withdraws threat over BlackBerry services

The threat which could have led to the country's BlackBerry services being suspended appears to have lifted after the Government backed down on its own demands for access to users' data

HMRC breach would have been avoided for just £15,000

The catastrophic loss of information of 25 million UK citizens last year would have been avoided if Her Majesty's Revenue and Customs had spent a maximum of £15,000 on the extraction of data, but it turned down this expenditure because information security was such a low priority, one of the breach investigators revealed today

Data watchdog admits to deluge of Central Government breach info

The Information Commissioner's Office has revealed it has been voluntarily informed of a huge number of security breaches - mostly in Westminster - while it eyes up plans for a new law which could make the reporting of such incidents compulsory

Exclusive: Privacy campaigners may sue EC over provision of citizens' personal data to the FBI

A leading civil rights organisation is threatening the European Commission with legal action as Brussels nears an agreement with the US over plans to release details of individuals' credit card histories and internet browsing habits to the FBI

Poynter review: HMRC has radically reduced security risks

PwC chairman Kieran Poynter, the man tasked to investigate what happened in the catastrophic HMRC data breach, has revealed that significant progress has been made since the disastrous information leakage last October

Oyster card hackers may have their research blocked

Two Dutch academics who came to London last week to prove they could break the cipher behind London's Oyster travel card have been warned by the country's Government not to expose any secrets in their upcoming paper on the subject

Pacific island knocked off internet by DDoS attack

The Marshall Islands have been subjected to a prolonged bout of unexpected email traffic, preventing citizens receiving emails, but the reason for the attack remains unclear

Poynter Review, IPCC severely criticise HMRC over data breach

Two separate reports into the data leakage of 25 million records from Revenue & Customs last year have widely condemned data security procedures in the Government department

Scotland loses details of nearly one million 999 calls

Parcel courier TNT has lost a disk containing extensive details of emergency calls made in Scotland over the last two years

Dutch academics hack Oyster card

Security lecturers from a leading Netherlands university travelled to London last week to crack the Oyster smart card, clone it and get a free day's travel, while they pursue an open source alternative

Private investigators fined by magistrates after conning BT for information

Two private detectives have been fined by a London court after blagging information on the partner of a man wanted for a debt to their client

ATM hackers net millions using stolen information

Citibank, one of the world's largest banks, has been hit by a chain of fraudulent cashpoint transactions, according to a US federal grand jury indictment; a Ukrainian immigrant has now been charged

Weak security controls to blame as finance firm is hit by FSA fine

Merchant Securities is forced to cough up £77,000 for putting its customers at risk of identity fraud as part of a crackdown on lax security controls by the financial services watchdog

Coffee drinkers in peril after espresso overspill attack

A geeky risk advisory manager from global accountancy firm BDO has hacked into a leading coffee machine, causing it to pour scalding water onto unsuspecting espresso lovers

Stolen data found on international crimeservers

Two crimeservers containing half a gigabyte of stolen data have been discovered in Argentina and Malaysia; the data was likely being made available to the highest bidder

Government admits breaching data rules following PC theft

A senior civil servant has revealed that his department did not meet its own data protection guidance as the PC of minister Hazel Blears was stolen from her constituency office

NASA hacker appeals to House of Lords to overturn extradition

Appearing in Parliament this week, Gary McKinnon's legal team have argued that his planned extradition to the US should be overturned because US officials abused legal processes, while lawyers representing the Home Office say the extradition should proceed

Home Secretary faces grilling after second secret document leak

Jacqui Smith is to face questioning from the chair of the home affairs select committee over whether the country's fight against terrorism has been compromised after a second set of confidential Government documents was left on a train

Government suspends civil servant over al-Qaeda document leak

A Cabinet Office employee who left top secret documents regarding Iraq and Al-Qaeda on a busy London commuter train has been suspended; police are investigating

Ethical hacking site falls victim to hackers

Metasploit, the hacking tools site which is widely used by white hat hackers, has itself fallen victim to ARP poisoning, which led to the defacement of the site

Motorola RAZR found vulnerable to JPEG attack

Hackers could run malicious code on the RAZR device by sending a corrupt image by MMS, according to an advisory from TippingPoint