-
Hacking the High School Grading System
Interesting New York Times article about high-school students hacking the grading system. What’s not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail—they have a grading floor under them, they know it, and that allows them to game the system. Several teachers whom I…
-
New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack
Email security provider Cofense has unveiled a large-scale phishing campaign leveraging LinkedIn Smart Links
-
After hackers distribute malware in game updates, Steam adds SMS-based security check for developers
Valve, the company behind the Steam video game platform, has announced a new security feature after multiple reports of game updates being poisoned with malware. But have they chosen the best way to protect developers’ accounts? Read more in my article on the Hot for Security blog.
-
What is Cyber Threat Intelligence?
The MS- and EI-ISAC Cyber Threat Intelligence team helps support SLTTs’ cybersecurity defenses. Here’s what we mean when we say “CTI.”
-
User Data from 23andMe Leaked Online – What Users Should Do, and the Rest of Us Too
A hacker claims to have hijacked profile information of “millions” of users from the popular genetic testing site 23andMe.com. What’s at risk? Some of the most personal info possible. The profile info varies by user, which plans and services they’ve selected, and how the hacker accessed it. Yet it potentially includes personal info…
-
CISOs Receive Smaller Raises and Bonuses in 2023
Most CISOs are considering a job change in the next 12 months
-
Vulnerability Exposed in WordPress Plugin User Submitted Posts
With over 20,000 active installations, the plugin is used for user-generated content submissions
-
California Enacts “Delete Act” For Data Privacy
Governor Newsom signed the first US bill requiring data brokers to delete personal data upon request
-
Chinese APT ToddyCat Targets Asian Telecoms, Governments
A cyber espionage campaign tied to the Chinese group ToddyCat is targeting high-profile organizations in Kazakhstan, Uzbekistan, Pakistan, and Vietnam
-
Bounty to Recover NIST’s Elliptic Curve Seeds
This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late ’90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry…