Tag Archive for: covered

Uber’s former security chief covered up enormous hack he said ‘did not exist’

/in


Uber Cybersecurity (Copyright 2022 The Associated Press. All rights reserved)

Uber Cybersecurity (Copyright 2022 The Associated Press. All rights reserved)

Uber’s former chief security officer has been found guilty of attempting to cover up a data breach in which hackers accessed tens of millions of customer records.

Joseph Sullivan was convicted of obstructing justice and concealing knowledge that a federal felony had been committed.

Mr Sullivan remains free on bond pending sentencing and could face a total of eight years in prison on the two charges when he is sentenced, prosecutors said.

“Technology companies in the Northern District of California collect and store vast amounts of data from users,” US Attorney Stephanie M. Hinds said in a statement. “We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users.”

It was believed to be the first criminal prosecution of a company executive over a data breach.

The lone hacker apparently gained access posing as a colleague, tricking an Uber employee into surrendering their credentials. Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is not known how much data the hacker stole or how long they were inside Uber’s network. There was no indication they destroyed data.

A lawyer for Mr Sullivan, David Angeli, took issue with the verdict. “Mr. Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” Angeli told the New York Times.

Uber did not respond to a request for comment.

Mr Sullivan was hired as Uber’s chief security officer in 2015. In November 2016, Sullivan was emailed by hackers, and employees quickly confirmed that they had stolen records on about 57 million users and also 600,000 driver’s license numbers, prosecutors said.

After learning of the breach, Sullivan began a scheme to hide it from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack, authorities said.

According to…

Source…

Third-party liability for ransomware attacks: Are you covered?

/in


 

Oliver Sepulveda, associate with Shutts& Bowen in Miami. Courtesy photo Oliver Sepulveda, associate with Shutts& Bowen in Miami. Courtesy photo

The COVID-19 pandemic has caused a massive shift in the way organizations do business and the way their employees do their work, but, as is often the case, this shift has brought about an increase in cybersecurity risks, which should not be overlooked. Much of this increased risk comes from the rise of ransomware attacks.

According to one of the largest cyber insurance providers in North America, approximately 41% of cyber insurance claims in the first half of 2020 are attributed to ransomware attacks. While one can be forgiven for thinking that cybersecurity is only a concern for large corporations, that is far from the case.

The malicious actors behind ransomware attacks do not discriminate. It is a problem that affects organizations large and small in various industries including health care, government, construction, manufacturing, legal, and education, to name a few.

Despite this increased risk, cybersecurity companies report that more than a quarter of small businesses have no plan to mitigate a ransomware attack.

For the uninitiated, ransomware is a type of malicious software that is embedded into a computer system through a variety of different methods. It encrypts the data on that system, potentially rendering that system, and any other systems that rely on that data, inoperable.

The ultimate goal of the malicious actors is to extort money, a ransom, from the victim by offering to restore the computer systems upon payment. Victims can either pay the ransom or deal with the fallout; many, at the suggestion of their cyber insurance carriers, opt to pay the ransom.

Unfortunately, when faced with a possible ransomware attack, organizations need to consider the unintended victims and the potential for liability to reliant third parties if their computer systems remain inoperable or their data is lost.

Recently, a hospital in Germany was a victim to a ransomware attack which caused the need for an emergency transport of a number of patients due to the inoperable computer systems. Tragically, one of the patients died during transport and is reported to be the first known death caused by a ransomware…

Source…

Third-Party Liability for Ransomware Attacks, Are You Covered?

/in


Want to continue reading?
Become a Free ALM Digital Reader.

Benefits of a Digital Membership:

  • Free access to 3 articles* every 30 days
  • Access to the entire ALM network of websites
  • Unlimited access to the ALM suite of newsletters
  • Build custom alerts on any search topic of your choosing
  • Search by a wide range of topics

Click here to access the Public Notices and the Courts sections of the The Daily Business Review in PDF format.
Already have an account?

Source…

No need to worry about the vBulletin zero-day exploit: Instart had you covered – Security Boulevard

/in

No need to worry about the vBulletin zero-day exploit: Instart had you covered  Security Boulevard
“zero day exploit” – read more