Tax season means it’s time to watch out for W-2 scams

W-2 phishing

Perhaps harder to understand is why so many of these emails make it through to their recipients, whether or not the recipients actually fall for the scam.

After Yahoo! breach, can users do anything to protect their online data?

In light of news reports that company executives did little to strengthen cyber-defenses, the group that seems most overlooked in the aftermath of the breach is Yahoo! customers.

It’s hardly treason, but Trump’s call for Russian hacking still encourages illegal actions

A brief examination of relevant U.S. laws suggests that Trump is at the very least encouraging action that violates U.S. law, because computer hacking generally (whether perpetrated by domestic or foreign actors) is illegal.

Epic Mossack Fonseca breach tied to basic patch management failures

Mossack Fonseca failed to understand even basic information security and privacy principles and lacked the IT management skills or oversight necessary to ensure that they were adequately protecting their own and their clients’ information.

MedStar attack apparently enabled by unpatched software

Attackers who find vulnerable servers can deploy ransomware without any action on the part of users in the targeted organization.

OPM (finally) notifies people affected by breach

My notification letter arrived on November 23, 137 days after the public announcement and approximately 200 days after OPM says it discovered the incident.

Hopes for better privacy protection in CISA depend on conference committee reconciliation

Privacy advocates and industry groups oppose the new legislation for many of the same reasons that led to the demise of the Cyber Intelligence Sharing and Protection Act (CISPA), but in the wake of a seemingly unending string of major data breaches and cyber intrusions, it appears likely that Congress will get a bill to the president for signature.