Big, but not a record.
Wawa's massive card breach: 30 million customers' details for sale online
The Wawa breach may rank as one of the biggest of all time, comparable to earlier Home Depot and Target breaches.
… A month before, in December 2019, Wawa disclosed a major security breach during which the company admitted that hackers planted malware on its point-of-sale systems. Wawa said the malware collected card details for all customers who used credit or debit cards to buy goods at their convenience stores and gas stations. The company said the breach impacted all its 860 convenience retail stores, of which 600 also doubled as gas stations.
According to Wawa, the malware operated for months without being detected, from March 4 until December 12, when it was removed from the company's systems.
… The store chain also said "that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved."
However, according to a sample of the Wawa card dump obtained by ZDNet, the card dump did include CVV2 numbers, despite Wawa's claims.
Gemini experts said the Joker's Stash team is currently selling the details of US-issued cards for $17 per card, on average, while data for international cards is priced at a higher $210 per card.
Does my neighbor value my privacy more than the security of the packages Amazon leaves on his porch?
Amazon Engineer: ‘Ring should be shut down immediately and not brought back’
An Amazon software engineer named Max Eliaser is calling for the shutdown of Ring, the doorbell camera company Amazon paid $2 billion for in 2018.
They wrote:
The deployment of connected home security cameras that allow footage to be queried centrally are simply not compatible with a free society. The privacy issues are not fixable with regulation and there is no balance that can be struck. Ring should be shut down immediately and not brought back.
Those are strong words, but he’s not alone in thinking them. A growing contingency of civil rights advocates, surveillance experts, and pundits are working to raise awareness about the potential dangers of Ring’s doorbell cameras.
Ring sold nearly 400,000 units in the month of December, according to estimates.
...This indicates that privacy advocates are losing the battle against ubiquitous surveillance, something many feel could destroy the bedrock of democracy.
One of the biggest concerns with Ring cameras is that people who choose not to install one or participate in the local surveillance network (a connected community software system called “Neighborhoods” that gives police backdoor access to users’ footage) can’t choose to opt out.
If your neighbor has a Ring camera you can’t make them, Amazon, or the police exclude footage of you, your family, and your guests from their recordings. Any bad actor wishing to misuse or abuse the system – whether it’s an Amazon employee, police officer subverting your legal right to privacy, or a hacker seeking to cause you harm – only needs access to a camera nearby, even if you don’t own one.
Asking your hacker/thief to be honest? No indication that their cyber insurance company asked them to pay the ransom.
Denver’s Regis University paid ransom to “malicious actors” behind campus cyberattack
When “malicious actors” carried out a cyberattack on Regis University last August — crippling the Denver campus’s IT network and downing phones, email and Wi-Fi — university officials paid the hackers a ransom in hopes of restoring their incapacitated systems.
Yet even after that payment, which Regis leaders publicly revealed for the first time to The Denver Post, the cyberattack still impaired day-to-day operations at the private Jesuit college for months.
… On Tuesday, Regis is holding a cybersecurity summit nearly six months after the university’s systems were hacked, gathering professionals from across the country to publicly talk about the ransomware attack and share what the institution and others impacted have learned, all in a bid to help prevent such incidents from happening again.
(Related) “Yes, we have information that will help you avoid ransomware. No, you can’t have it.” Must be no Jesuits in Baltimore.
After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits
Worth checking?
Facebook privacy tool gives users more info on how they are tracked
USAToday: “It’s been way overdue. But Facebook has finally released a long-promised tool that could give you more control over how the social network traces your path across the web. CEO Mark Zuckerberg announced the global availability of this “Off-Facebook Activity” tool in a blog post Tuesday on Data Privacy Day. It’s part of an effort to fix and rewrite Facebook’s poor scandal-riddled narrative on privacy.
Facebook exploits information that businesses routinely share with Facebook about your activities when you’re beyond the virtual corridors of the social network to serve up ads customized to your interests. They use such business-oriented tools as Facebook Pixel, the Facebook SDK and the Facebook Login. But you need not sign into a site or app through Facebook Login for a business to share an interaction with Facebook. Other triggers include opening an app, adding an item to a shopping cart or making a donation. The Off-Facebook Activity tool that is now available across the Facebook network lets you view a summary of such apps and websites and ask Facebook to clear the past information about such activities. With a little bit of extra work, you can also ask Facebook to disassociate your future activity from your account…”
What can we learn, adapt or avoid?
How Technology Is Changing Health Care in India
… Despite its shortcomings, India’s health care sector has a lot going for it on several fronts. A government-led push to get health care providers to embrace electronic medical records is enabling artificial intelligence (AI) to extract insights from patient data to deliver better treatment. The availability of telecom bandwidth is making medical expertise reach underserved rural markets through telemedicine and tele-consulting programs, delivered over mobile phones.