News

Colonial Pipeline Fined For Lack of Response Plan

The repercussions of last year's hack of the Colonial Pipeline have not ended for the company in charge of the largest refined-oil pipeline system in the US, which is now facing a $986,400 civil penalty from the US Department of Transportation.

The Pipeline and Hazardous Materials Safety Administration, which operates under the US DOT, conducted an inspection of Colonial Pipeline's risk mitigation efforts and procedures and found, according to a press release on its website, a "probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system."

FTC: Twitter Deceptively Used 2FA Information

Twitter has come under fire, to the tune of $150 million, from the Federal Trade Commission after it was revealed that the social media site had been allowing data collected for two-factor authentication to be used by advertisers to target advertisements.

Illinois Healthcare Provider Reports Large Breach

Christie Clinic, a large healthcare provider in Illinois, has suffered the worst data breach reported in 2022 so far. After detecting suspicious activity from an employee's business account, the company began an investigation before confirming in January that a threat actor had accessed the e-mail account during a month-long period in Summer 2021.

At the end of March, the company posted a notice on its website describing the event.

DOJ Convicts Phisher After Multi-Million Scheme

The Department of Justice has announced the conviction of 40-year-old Sercan Oyuntur, who successfully phished a government vendor and was able to steal $23,453,350.

Oyuntur had registered "dia-mil.com", which is very similar to "dla.mil", the Defense Logistics Agency's domain name.

Google Now Allowing Removal of Personal Information from Search Results

Google has announced additional options for removing personal information from their search results. The tech giant stated that "Open access to information is a key goal of Search, but so is empowering people with the tools they need to protect themselves and keep their sensitive, personally identifiable information private," in a press release on their website.

April 2022 CMMC 2.0 Updates and Discussions After NDIA Session

On April 7th, Direct iT attended the NDIA’s informative session on Zero Trust and CMMC 2.0 at Northeastern University’s Innovation Campus in Burlington, MA. Many people deeply involved in CMMC 2.0 traveled from all around the country to participate, including Stacy Bostjanick, head of the CMMC program in the Office of the DoD CIO, who gave a fascinating talk.

DOJ Announces First “False Claims Act” Case

Towards the end of 2021, the Department of Justice unveiled its plans to use the False Claims Act to enforce federal contractual cyber-security requirements. In early March, it announced "the first resolution of a False Claims Act case involving cyber fraud since the launch of the department's Civil Cyber-Fraud Initiative", according to an announcement posted on the agency's website.

9.5% of Top Mobile Apps Carry Russian Tracking

While Google and Bing are the most popular search engines in most English-language countries, Russian-language speakers use Yandex. Last month, the Financial Times reported that Yandex's Appmetrica, a "real-time ad tracking and mobile apps analytics solution" which is integrated into Android and iOS apps, has the ability to send a user's metadata to a database accessible by the Kremlin.

FTC Files Complaint Against Intuit

The Federal Trade Commission announced at the end of March that they will be taking action against Intuit Inc, whose products include software such as TurboTax, Mint, and QuickBooks, for what they are calling "deceptive" advertising practices.

According to an Administrative Complaint filed against the company, "Much of Intuit’s advertising for TurboTax conveys the message that consumers can file their taxes for free using TurboTax, even going so far as to air commercials in which almost every word spoken is the word 'free.'"