Security News for the Week Ending December 27, 2019

Russia Claims to Have Successfully Disconnected from the Internet

Russia has been planning to install an Internet kill switch for a couple of years now.  Of course, we have no clue what that means.  Likely, it means that they have their own DNS servers so that they do not have to resolve web site addresses using servers controlled by the US and EU.  But that means any web sites that are outside of Russia will not work if they do this.

More likely, this process, which forces all traffic through government controlled gateways, is designed to surveil its citizens even more than it already does.  Details at ZDNet.

Pentagon Tells Military Not To Use “At Home” DNA Tests

I am not sure that Ancestry.com or 23AndMe are terribly happy about the message, but the Pentagon put out a memo this week telling members of the armed services not to take at home DNA tests unless otherwise notified.

The cover story is that the tests might be unreliable and not reviewed by the FDA.  The next story is that negative results might require members of the armed forces to disclose things that could end their military careers.

The real story is they are worried about state actors getting their hands on the DNA of our service men and women for nefarious purposes.

It looks like the military is actually starting to understand risks of the 21st century.  Good work.  Note this is not voluntary or optional. Source: MSN

Telemarketing Firm Lays off 300 Before Christmas Due to Ransomware

A Sherwood, Arkansas telemarketing firm laid off 300 people just before Christmas after a ransomware attack shut down their systems.  The attack happened about two months ago and even though they paid the ransom, they have not yet been able to restore the systems.  Apparently, at this point, they have run out of money. The company finally put out a memo explaining what was happening and told employees to call on January 2nd to see if they were going to get their jobs back.  Merry Christmas.  Source: KATV

British Pharmacy Fined $350K for Failing to Protect Medical Records

It is not just the big companies that are getting fined.  In this case a British pharmacy was fined $350,000 for leaving a half million records unprotected and exposed to the elements.  In addition, the pharmacy was issued an order to fix its security practices in 90 days or face more fines.  We are seeing less willingness by courts and regulators on both sides of the Atlantic to deal with companies missteps when it comes to security and privacy.   Source The Register.

Georgia Supreme Court Says Victims of Medical Clinic Hack Can Sue

Moving to this side of the Atlantic, the Georgia Supreme Court says that victims of an Atlanta area medical clinic that was hacked can sue the clinic for negligence.  As I said, courts are becoming much less understanding as to why companies are not effectively protecting the data entrusted to them.  This decision reverses the Court of Appeals decision and is only binding in Georgia, but courts in other states may use this as a precedent in their decision process.  Source: Atlanta Journal Constitution

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code