Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending December 5, 2014. Covers enterprise, controversies, reports and more.
This week, Sony's breach went nuclear, banks were cleared to sue Target for credit card hack negligence, Microsoft readied its patches, security seals lost their standing, and much more.
The unbelievably extreme Sony Pictures Entertainment hack became Hollywood's Snowden moment in what might turn out to be the breach of the century (so far). CSO reports in Thursday's file dump, "Among the IT data leaked by GOP, totaling more than 11,000 files, are hundreds of RSA SecurID tokens, Lotus Notes IDs, and certificates - many of them with the required passphrase stored alongside." Hacking crew Guardians Of Peace have published more sensitive Sony internal files than anyone can keep track of: There's no end in sight -- or answers as to who or why. Silver spoon tech media darling Re/code incorrectly reported (and later insisted) that North Korea was responsible for the attack; Sony then went on record to state that Re/code's reporting was inaccurate.
Researcher finds way to hack PayPal accounts with single click | News | http://t.co/X8mqjKIP8C - http://t.co/gBwIkh0tel
-- Autodidact (@Secbuff) December 5, 2014
Doctor, it hurts when I bang my head against the wall repeatedly. Well stop doing that. I can't, I work in defensive security.
-- Jeffrey Czerniak (@geekable) December 5, 2014
The 2014 Cyber Claims Study was published on Wednesday (by NetDiligence and sponsored by AllClear ID, McGladrey and ICSA Labs). It's based on the sampling of 117 data breach insurance claims; the focus is on 111 of these cases in which sensitive personal data was exposed. The average claim payout for a large company was $1.9 million.
On Tuesday a District Court judge in Minnesota ruled that banks can sue Target for negligence in the 2013 credit card hack. "Although the third-party hackers' activities caused harm, Target played a key role in allowing the harm to occur," the judge wrote in his order.
Topics: Security, Big Data, Google, Government, Microsoft, Symantec
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that inclu... Full Bio
zdnet_core.socialButton.googleLabel Follow @@violetblue Contact Disclosure Ms. Violet Blue is an Advisor for Without My Consent (a legal nonprofit for survivors of online harassment) and an Editor on the Editorial Board for The Porn Studies Journal (Routledge). She is a Member of the Internet Press Guild and a Member of The Center for Investigative Reporting. Ms. Blue is currently under contract for one book with NoStarch Press, and regularly freelances for various outlets including San Francisco online news outlet SF Appeal, Penthouse and Playboy. Ms. Blue's Nokia WindowsPhone is a review model from Microsoft. She is not sponsored by any company, person or entity, or under any exclusive contract. Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
No comments:
Post a Comment