Monthly Archives: April 2010

Health worker is first HIPAA privacy violator to get jail time

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

via Health worker is first HIPAA privacy violator to get jail time – SC Magazine US.

DHEC notifying South Carolina clients of personal information breach

According to Hunter, private information of more than 1,800 people was included on DHEC documents that were discovered by a third party in a public, paper recycling container behind the DHEC building on Bull Street in Columbia. This third party gave the documents to another person, who returned them to DHEC.

via DHEC notifying South Carolina clients of personal information breach.

1.5 million stolen Facebook IDs up for sale

A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.

Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.

via 1.5 million stolen Facebook IDs up for sale.

New Policy Revamps Agencies’ Approach To FISMA Compliance

The White House issued new cybersecurity marching orders to government agencies Wednesday, which top officials say will help redirect government efforts from wasteful paperwork compliance toward continuous monitoring and patching and more effective cybersecurity spending….

… Agencies have been spending as much as $1,400 per page on those reports under requirements of the Federal Information Systems Management Act….

via New Policy Revamps Agencies’ Approach To FISMA Compliance – DarkReading.

OWASP Top10 2010 Released

Today, OWASP has released an updated report capturing the top ten risks associated with the use of web applications in an enterprise. This colorful 22-page report is packed with examples and details that explain these risks to software developers, managers, and anyone interested in the future of web security. Everything at OWASP is free and open to everyone, and you can download the latest OWASP Top 10 report for free at:

http://www.owasp.org/index.php/Top_10

via OWASPTop10-2010-PressRelease – OWASP.