|
Scam Report: Dominoes still falling 3 years after Yahoo data breach
Reading Eagle A single click was all it took to launch one of the biggest data breaches ever. One mistaken click. That's all it took for a Canadian hacker aligned with rogue Russian FSB spies to gain access to Yahoo's network and potentially the email messages and … |
Yahoo Finance |
Malware study shows people still falling for old tricks, but there's hope
Yahoo Finance Too many of us still fall for the old “click this attachment” email trick, and get our computers infected with malware or viruses. The result: our data is increasingly … |
Numerous federal agencies rely on legacy systems that have security bolted on as an afterthought instead of security “being deeply embedded” in the systems. It is unsurprising that such older hardware, software and operating systems are vulnerable to intrusions. But sometimes security problems have more to do with human vulnerabilities – stupid PEBKAC and ID10T errors committed by the person behind the keyboard – than legacy systems. If the same people who handle sensitive government information also keep falling for phishing scams, should they have their security clearance revoked? Indeed they should, according to DHS chief security officer Paul Beckman.
To read this article in full or to leave a comment, please click here
Government organizations are struggling when it comes to securing the computer software they use, which could partially explain the large data breaches reported in that sector over the past several years.
Three out of four applications used by government organizations are not compliant with one of the primary software security policies and most of the flaws found in them never get fixed, according to a report released Tuesday by U.S.-based application security firm Veracode.
The report is based on an analysis of more than 200,000 applications over the past 18 months that are used by organizations in various industries. The tests were performed using Veracode’s cloud-based application security testing platform that uses static analysis, dynamic analysis and manual penetration testing techniques.
To read this article in full or to leave a comment, please click here