Larry Jaffee SC Media

Larry Jaffee

Most recent articles by Larry Jaffee

Leaked FinCEN files expose poor data security

Leaked documents, dubbed the “FinCEN Files,” describe global money laundering of $2 trillion processed by many of the world’s biggest banks between 2000 and 2017. The reveal  illuminates the struggle for the financial industry and government to provide ironclad data protection. “This sensational and unprecedented leak clearly demonstrates a wide spectrum of data protection weaknesses…

Commerce imposes prohibitions on TikTok, WeChat

After previously expressing support for Oracle’s planned partnering with TikTok, the Trump administration took a step back from the deal Friday with the Commerce Department putting prohibitions on transactions related to the video-sharing platform and, separately, on the mobile communications app WeChat, both owned by Chinese companies. President Trump had said at a Wednesday news…

Oracle will inherit TikTok security, privacy headaches

By partnering with the popular Chinese videosharing platform TikTok, Oracle will inherit a laundry list of security and privacy issues once the deal is approved, as soon as Sept. 20, by TikTok parent company ByteDance. TikTok boasts 100 million users in the U.S. and 689 million globally. Earlier this year President Trump threatened to ban…

All eyes on VA security measures after compromise of 46,000 accounts

The U.S. Department of Veterans Affairs (VA) disclosure that the information of 46,000 U.S. service people recently was breached through an apparent social engineering scheme underscores the need for government vigilance even when a significant investment has been made in state-of-the-art protection. Security experts said the relatively low number of impacted accounts – in comparison…

Exploit for critical Windows flaw allows access to admin rights

A Windows vulnerability recently patched by Microsoft, registering a CVSS score of 10, could allow attackers instant access to Active Directory. The vulnerability (CVE-2020-1472) subverts Netlogon cryptography, providing a gateway to an enterprise’s internal network for an intruder to gain Domain Admin status with one click, according to a Secura blog post. “This flaw allows…

Lessons combating COVID-19 healthcare security challenges

Long at the forefront of protecting sensitive information from cyberattacks, health care organizations had to pivot quickly to ensure as the COVID-19 pandemic imposed new threats on a vulnerable newly remote workforce. And adapt they did, even as bad actors exploited a fragile, fragmented infrastructure suddenly reliant on telehealth visits. The lessons learned from the…

Next post in RiskSec 2020