Facebook Faces First Fine for Cambridge Analytica Scandal

The British Information Commissioner’s Office (ICO) levied the toughest fine possible — 500,000 pounds (or about $660,000) — against Facebook for allowing Cambridge Analytica to harvest the personal data of millions of people without their consent. The ICO, the agency that enforces the United Kingdom’s data protection laws, began investigating Facebook’s possible misuse of personal data in May 2017, but revelations of the Cambridge Analytica incident spurred it to complete its examination.

Municipalities Increasingly Targeted for Ransomware Attacks

Cyber criminals recently hacked the municipal computers of Rockport, Maine, demanding $1,200 in Bitcoin to unlock them. That’s just one example of a surge of ransomware aimed at municipal computer systems, both large and small, including the city of Atlanta and a St. Louis library system. According to Ponemon Institute, an information systems research firm, these kinds of public sector hacks are increasing faster than those in the private sector. City officials are often unprepared to deal with the consequences.

Apple Closing Loophole That Lets Authorities Hack iPhones

Since Apple’s publicized showdown with the FBI following the San Bernardino shooting in 2015, after the company refused to unlock a suspected killer’s iPhone, law enforcement agencies have been turning to third parties in order to access information from iPhones. Now Apple has indicated an upcoming software update, designed to enhance security, will block access to an iPhone’s Lightning port one hour after it is locked. Some authorities believe the update also impacts their ability to access phone data in criminal investigations, which could reignite the privacy debate that followed San Bernardino.

FBI Requests That We Reboot All Routers to Disrupt Malware

According to Cisco’s threat intelligence division Talos, an estimated 500,000 routers in 54 countries have been infected by malware that the FBI and cybersecurity experts refer to as VPNFilter. The Justice Department has warned that routers are already under control of the Sofacy Group, which is reportedly directed by Russia’s military intelligence agency. Devices from Linksys, MikroTik, Netgear, QNAP and TP-Link are believed to be among the affected equipment. The FBI has requested that owners of home and office routers turn them off and turn them back on. Rebooting the routers will disrupt the malware if present. Users are also encouraged to upgrade firmware, disable remote-management settings, and select a new password.

Cisco Warns of Huge Hacked Network Primed for Cyberattacks

Cisco Systems and U.S. and Ukrainian authorities have warned that a network of half a million routers and storage devices has been hacked and is capable of a massive cyberattack. Security researchers said that the attack could take place during soccer’s UEFA Champions League’s final match on Saturday in Kiev. The devices, in 54 countries, are infected with VPNFilter malware that can shut them down, said Cisco security researcher Craig Williams. The U.S. government is working to reclaim control of the infected servers.

Facebook Suspends Quiz App Linked to Cambridge University

Facebook is scrutinizing another quiz app, myPersonality, created by University of Cambridge academics following the Cambridge Analytica debacle. According to New Scientist, the myPersonality app collected data from six million people, about 40 percent of whom agreed to share their Facebook information. The app creator countered that Facebook had known about myPersonality for years. But the app is also being investigated by Britain’s Information Commissioner’s Office for whether the data was properly anonymized.

FAA Panel Fails to Reach Consensus on Drone Regulations

A federal advisory panel of 70+ industry, labor and law enforcement experts failed to come to agreement on a proposal on how to track and identify drones. More specifically, the panel could not find agreement regarding categories of drones that should require remote monitoring. The result is that it will now be more difficult for the Federal Aviation Administration to execute rules that would please all concerned groups, which include law enforcement agencies, hobbyists and drone advocates.

Equifax Breach Spurs Call for Federal Laws on Transparency

The Equifax breach exposed millions of U.S. adults’ personal information, prompted Federal Trade Commission and FBI investigations, and spurred lawsuits by many states’ attorneys general. With the threat of even worse breaches in the future, companies will be urged to adopt better cybersecurity practices. But the Equifax breach is likely to have another result that tech companies won’t like: the need for transparency. Although 48 states have already passed data-breach disclosure laws, now federal regulations are proposed.

Equifax Breaches Spur Businesses to Prioritize Cybersecurity

Equifax’s two cyber breaches, which exposed about 143 million Americans’ personal information, were the work of hackers who took advantage of a flaw in Apache Struts software. The nonprofit Apache Software Foundation and the U.S. Computer Emergency Readiness Team warned of the bug in early March, but Equifax only alerted its end users on September 7, almost five months later. IT experts say the event highlights the challenges in keeping software current and identifying all potentially vulnerable applications.

Equifax Data Breach, Discovered in July, Impacts 143 Million

Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the Equifax hack will do is as yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud.

Bill Calls For More Drone Control, FAA Registry Struck Down

The Trump administration is upending the nascent drone industry, proposing legislation that would allow the federal government to track, commandeer, disable or destroy unmanned aerial vehicles. The legislation would include a new exception to surveillance, computer privacy and aircraft protection laws. The administration held a classified briefing for congressional staff members. At the same time, the D.C.-based U.S. Court of Appeals ruled against the FAA requirement for non-commercial drone owners to register their aircraft.

Major Cyberattack Hits 150 Countries, Could Keep Spreading

A cyberattack impacted computer systems in more than 150 countries over the weekend. The weapon used to initiate the attack is believed to be based on recently published vulnerabilities stolen from the National Security Agency. The attack, one of the largest ever, took over computers, encrypted their files and demanded payment in Bitcoin of $300 or more. Among the major institutions and government agencies impacted were FedEx in the U.S., the Russian Interior Ministry and Britain’s National Health Service. The attack also hit smaller venues, such as a car manufacturing factory in Romania owned by Renault.

Hacker Releases Original Netflix Content, Threatens Networks

A hacker group that goes by the name “TheDarkOverlord” has reportedly stolen episodes from a number of television shows. Over the weekend, 10 episodes from the upcoming fifth season of “Orange Is the New Black” were shared after Netflix did not meet ransom requests. The hackers may have access to up to three dozen series from networks including ABC, CBS, Fox, FX, IFC, NatGeo and NBC. The group provided a list of TV series and a few movies to cybersecurity blog DataBreaches.net, claiming that the content was stolen from audio post-production facility Larson Studios.

U.S. Claims That Russian Hackers Were Behind Yahoo Attack

The Department of Justice officially charged four people yesterday in connection with Yahoo’s 2014 data breach that reportedly resulted in the theft of data from 500 million Yahoo accounts. According to the indictment, the Russian government used the data obtained by two intelligence officers (Dmitry Dokuchaev, Igor Sushchin) and two hackers (Alexsey Belan, Karim Baratov) to spy on White House and military officials, bank executives, cloud computing companies, a senior level airline official, a Nevada gaming regulator, as well as Russian journalists, business execs and government officials.

International Law Enforcement Takes Down Avalanche Botnet

An international team of law enforcement agencies and security firms just took down “Avalanche,” a botnet that has been engaged in phishing attacks and at least 17 different malware families since at least late 2009. The team took offline more than 221 servers and more than 800,000 domain names used by Avalanche, and conducted searches and arrests in five countries, according to a statement released by the FBI and U.S. Department of Justice. Avalanche malware impacted victims in over 180 countries.