Equifax breached, up to 143 million SSNs and DOBs stolen, all Americans offered credit monitoring

Massive multinational credit reporting company Equifax has been breached by hackers, with up to 143 million U.S. residents having their names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers stolen from the company’s databases. Although the breach affects just over 60 percent of the adult population of the U.S., it is far from being the largest ever. Two Yahoo breaches revealed last year impacted almost 1.5 billion accounts. But experts said it might nonetheless be the worst, because the consumers affected would all immediately be at high risk of identity theft for the foreseeable future. Unlike when credit card or password information is stolen, consumers cannot change their Social Security number or date of birth. The largest breach of SSNs prior to Thursday was the 2015 Anthem hack of 80 million records. In an unprecedented move, Atlanta-based Equifax said it was offering a year’s free credit monitoring — […]

The post Equifax breached, up to 143 million SSNs and DOBs stolen, all Americans offered credit monitoring appeared first on Cyberscoop.

Cyber Command lacks authorities, capabilities, Pentagon watchdog says

U.S. Cyber Command lacks the authorities it needs to manage personnel, set standards for training and ensure its Cyber Mission Force teams are properly equipped for combat, according to a Department of Defense watchdog. A classified November 2015 report by the Pentagon inspector general assessed whether the CMF teams “had adequate facilities, equipment and capabilities to effectively perform missions.” A heavily redacted version was released to CyberScoop this week as the result of a Freedom of Information Act request. Although the report is almost two years old, many of the problems it describes persist, according to former military officials who spoke to CyberScoop on condition they not be identified or quoted, owing to the classified nature of the issues. The Trump administration’s plan to elevate U.S. Cyber Command to full-fledged Unified Combatant Command status — and other changes proposed and in some cases implemented since the report was issued — will help […]

The post Cyber Command lacks authorities, capabilities, Pentagon watchdog says appeared first on Cyberscoop.

Election officials criticize Harvard study of voter registration vulnerabilities

Election officials are pushing back against a new Harvard study saying hackers could disenfranchise Americans in 35 states and the District of Columbia by exploiting vulnerabilities in online voter registration systems. The study published Wednesday in the journal Technology Science says hackers could buy — either from commercial data brokers or more cheaply from cybercriminals — all the personal data they need about millions of Americans to fraudulently alter voter registration records online. Calling it “voter identity theft,” journal Editor-in-Chief Latanya Sweeney, who is also a Harvard professor, and co-authors Ji Su Yoo and Jinyan Zang say a broad scale attack on several states could be carried out with data costing just a few thousand dollars. But state elections officials told CyberScoop the report was overblown. “The study doesn’t reflect the safeguards that the states have in place to guard against this sort of thing,” said Indiana Secretary of State Connie Lawson, this year’s president of the National […]

The post Election officials criticize Harvard study of voter registration vulnerabilities appeared first on Cyberscoop.

Lenovo settles FTC, state complaints on preinstalled invasive adware

Computer hardware giant Lenovo settled Tuesday with the Federal Trade Commission and 32 state attorneys general in a case arising from its sale of laptops preloaded with invasive adware that compromised consumer security — but the company denies any wrongdoing. The FTC deal involves no direct financial penalty, and the company can even resume installing the VisualDiscovery adware on its products — as long as it gets affirmative consent to do so from each consumer, and as long as there is an effective and accessible way for consumers to opt out, according to the settlement. Lenovo will pay $3.5 million to settle the state cases. “This case … emphasizes the importance of adequate disclosure,” FTC acting Chairwoman Maureen Ohlhausen told reporters in a conference call. “If you’re going to track people in unexpected and risky ways, make sure you’re clear about what you’re doing and get consumers’ permission.” She brushed aside suggestions […]

The post Lenovo settles FTC, state complaints on preinstalled invasive adware appeared first on Cyberscoop.

Instagram buying domains to deter hackers from selling data

Instagram appears to have spent the long weekend buying up internet domains that hackers might try to use to sell contact information stolen last week from as many as 6 million of the social media app’s 700 million user accounts. A company spokeswoman declined to comment Tuesday to CyberScoop about a news report over the weekend that Instagram, through brand reputation management outfit Mark Monitor, had been buying up hundreds of web domains using the word “Doxagram.” That’s the name of the website first used by hackers to sell for $10 a pop the stolen data scraped from Instagram through a security flaw in an application programming interface or API. Last week, the hackers were kicked off Doxagram.com and two other sites they subsequently migrated to. Over the weekend they appeared to find a home on the dark web, where the Tor service bounces encrypted traffic around the internet to disguise its origin and destination. The […]

The post Instagram buying domains to deter hackers from selling data appeared first on Cyberscoop.

Instagram investigating larger breach; hacker claims 6 million accounts for sale

Instagram said Friday it is continuing to investigate a data breach linked to a flaw in its application programming interface that exposed user names, phone numbers and email addresses — but not passwords. A hacker claims to have stolen data from 6 million accounts, and is offering them for sale for $10 apiece. Earlier in the week, Instagram said it had found and fixed a “bug” in its API. In a statement, it said the vulnerability had enabled “one or more individuals” to get “unlawful access” to contact information from a number of high-profile user accounts. The company was responding to the apparent hacking of actress and singer Selena Gomez’s account. “We fixed the bug swiftly and are running a thorough investigation,” Instagram told CyberScoop Friday. The company said that the hackers initially appeared to have targeted high-profile accounts and that “out of an abundance of caution,” it had notified all verified users. Gomez, with 126 million followers as […]

The post Instagram investigating larger breach; hacker claims 6 million accounts for sale appeared first on Cyberscoop.

Justice Department waves legislative stick at tech sector over encryption

If U.S.-based tech companies don’t find a way to allow cops with a warrant to access encrypted communications — a move derided as a crypto backdoor by critics — the Trump administration may propose legislation to force them, according to Deputy Attorney General Rod Rosenstein. Addressing law enforcement officials at an anti-terrorism conference in Utah, Rosenstein went further than other officials have this year in threatening the tech sector with legislative action that would compel them to provide technical means for court-ordered wiretaps or device searches. “I hope that technology companies will work with us to stop criminals from defeating law enforcement. Otherwise, legislation may be necessary,” he warned. He recalled the aftermath of the San Bernardino terror attack, when Apple successfully fought off court orders aimed at forcing it to create a backdoor into the iPhone used by the shooter. “Unfortunately, some companies are unwilling to help enforce court orders to […]

The post Justice Department waves legislative stick at tech sector over encryption appeared first on Cyberscoop.

Email marketers call for stricter FTC rules on spam

Two coalitions of online and email marketing companies are calling for the Federal Trade Commission to tighten some restrictions on commercial email, including broader use of message authentication protocols like DMARC, more user-friendly opt-out and unsubscribe options and prohibitions on the use of technologies designed to defeat spam filters and other anti-spam techniques. The calls come in public comments the FTC is soliciting as it prepares to review rules it imposed in 2005, implementing the Controlling the Assault of Non-Solicited Pornography and Marketing, or CAN-SPAM, Act of 2003. The comment period — which closes this week — is designed to inform the agency’s regular review of its rules and will not necessarily result in any changes to the regulations. The Email Sender and Provider Coalition — an industry group for bulk-mail senders — and the Online Trust Alliance, a nonprofit that’s part of the Internet Society, have both submitted comments. OTA submissions are endorsed by a half dozen interactive marketers and […]

The post Email marketers call for stricter FTC rules on spam appeared first on Cyberscoop.
