Wednesday, January 29, 2020


Big, but not a record.
Wawa's massive card breach: 30 million customers' details for sale online
The Wawa breach may rank as one of the biggest of all time, comparable to earlier Home Depot and Target breaches.
A month before, in December 2019, Wawa disclosed a major security breach during which the company admitted that hackers planted malware on its point-of-sale systems. Wawa said the malware collected card details for all customers who used credit or debit cards to buy goods at their convenience stores and gas stations. The company said the breach impacted all its 860 convenience retail stores, of which 600 also doubled as gas stations.
According to Wawa, the malware operated for months without being detected, from March 4 until December 12, when it was removed from the company's systems.
The store chain also said "that only payment card information was involved, and that no debit card PIN numbers, credit card CVV2 numbers or other personal information were involved."
However, according to a sample of the Wawa card dump obtained by ZDNet, the card dump did include CVV2 numbers, despite Wawa's claims.
Gemini experts said the Joker's Stash team is currently selling the details of US-issued cards for $17 per card, on average, while data for international cards is priced at a higher $210 per card.




Does my neighbor value my privacy more than the security of the packages Amazon leaves on his porch?
Amazon Engineer: ‘Ring should be shut down immediately and not brought back’
An Amazon software engineer named Max Eliaser is calling for the shutdown of Ring, the doorbell camera company Amazon paid $2 billion for in 2018.
They wrote:
The deployment of connected home security cameras that allow footage to be queried centrally are simply not compatible with a free society. The privacy issues are not fixable with regulation and there is no balance that can be struck. Ring should be shut down immediately and not brought back.
Those are strong words, but he’s not alone in thinking them. A growing contingency of civil rights advocates, surveillance experts, and pundits are working to raise awareness about the potential dangers of Ring’s doorbell cameras.
Ring sold nearly 400,000 units in the month of December, according to estimates.
...This indicates that privacy advocates are losing the battle against ubiquitous surveillance, something many feel could destroy the bedrock of democracy.
One of the biggest concerns with Ring cameras is that people who choose not to install one or participate in the local surveillance network (a connected community software system called “Neighborhoods” that gives police backdoor access to users’ footage) can’t choose to opt out.
If your neighbor has a Ring camera you can’t make them, Amazon, or the police exclude footage of you, your family, and your guests from their recordings. Any bad actor wishing to misuse or abuse the system – whether it’s an Amazon employee, police officer subverting your legal right to privacy, or a hacker seeking to cause you harm – only needs access to a camera nearby, even if you don’t own one.




Asking your hacker/thief to be honest? No indication that their cyber insurance company asked them to pay the ransom.
Denver’s Regis University paid ransom to “malicious actors” behind campus cyberattack
When “malicious actors” carried out a cyberattack on Regis University last August — crippling the Denver campus’s IT network and downing phones, email and Wi-Fi — university officials paid the hackers a ransom in hopes of restoring their incapacitated systems.
Yet even after that payment, which Regis leaders publicly revealed for the first time to The Denver Post, the cyberattack still impaired day-to-day operations at the private Jesuit college for months.
On Tuesday, Regis is holding a cybersecurity summit nearly six months after the university’s systems were hacked, gathering professionals from across the country to publicly talk about the ransomware attack and share what the institution and others impacted have learned, all in a bid to help prevent such incidents from happening again.


(Related) “Yes, we have information that will help you avoid ransomware. No, you can’t have it.” Must be no Jesuits in Baltimore.
After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits




Worth checking?
Facebook privacy tool gives users more info on how they are tracked
USAToday: “It’s been way overdue. But Facebook has finally released a long-promised tool that could give you more control over how the social network traces your path across the web. CEO Mark Zuckerberg announced the global availability of this “Off-Facebook Activity” tool in a blog post Tuesday on Data Privacy Day. It’s part of an effort to fix and rewrite Facebook’s poor scandal-riddled narrative on privacy. Facebook exploits information that businesses routinely share with Facebook about your activities when you’re beyond the virtual corridors of the social network to serve up ads customized to your interests. They use such business-oriented tools as Facebook Pixel, the Facebook SDK and the Facebook Login. But you need not sign into a site or app through Facebook Login for a business to share an interaction with Facebook. Other triggers include opening an app, adding an item to a shopping cart or making a donation. The Off-Facebook Activity tool that is now available across the Facebook network lets you view a summary of such apps and websites and ask Facebook to clear the past information about such activities. With a little bit of extra work, you can also ask Facebook to disassociate your future activity from your account…”




What can we learn, adapt or avoid?
How Technology Is Changing Health Care in India
Despite its shortcomings, India’s health care sector has a lot going for it on several fronts. A government-led push to get health care providers to embrace electronic medical records is enabling artificial intelligence (AI) to extract insights from patient data to deliver better treatment. The availability of telecom bandwidth is making medical expertise reach underserved rural markets through telemedicine and tele-consulting programs, delivered over mobile phones.


