European Union flag. (Photo: Yanni Koutsomitis, via Flickr/CC)

Europe's Strong GDPR Privacy Rules Go Into Full Effect

Mathew J. Schwartz • May 25, 2018

The EU's General Data Protection Regulation has gone into full effect as of May 25, 2018. After a two-year grace period following the passage of the legislation, member states' data privacy watchdogs are now enforcing the strong privacy rules, which offer worldwide protection for Europeans.

Breach Notification

GDPR Compliance for US Healthcare: What You Need to Know

Latest

Endpoint Security

Medical Device Cybersecurity: A Progress Report

Marianne Kolbasuk McGee • May 25, 2018

How much progress has the healthcare sector made in the last 10 years addressing medical device cybersecurity issues? And what action is still needed? Ben Ransford, a principal researcher in a groundbreaking 2008 report about cardiac device cyber risks, offers his assessment.

General Data Protection Regulation (GDPR)

GDPR a Litmus Test for Cross-Border Privacy Attitudes

Mathew J. Schwartz • May 25, 2018

To judge by the flood of GDPR-themed email hitting inboxes, Europe's privacy law has been designed to ensure that you say "yes" to companies that monetize the buying and selling of your personal details, regardless of whether you remember ever having done business with them before.

Anti-Malware

FBI Seizes Domain Controlling 500,000 Compromised Routers

Jeremy Kirk • May 24, 2018

At least 500,000 routers, mostly located in Ukraine, have been infected with "VPN Filter" malware that experts believe is a prelude to a massive cyberattack. But the FBI has sinkholed the control domain for the router botnet, which should help contain the potential damage.

Artificial Intelligence & Machine Learning

Amazon Rekognition Stokes Surveillance State Fears

Mathew J. Schwartz • May 23, 2018

The American Civil Liberties Union has launched a broadside against Amazon, warning that Amazon Rekognition - mixing big data, machine learning and facial recognition - could be abused by authoritarian regimes. Amazon has countered by saying that all users must "comply with the law."

ATM Fraud

Police Bust Suspected Fraudsters in Romania and Spain

Mathew J. Schwartz • May 23, 2018

Following 33 arrests, police in Europe say they have dismantled a Romanian-led crime gang that used phishing attacks, online scams and fake invoices to steal more than $9 million from victims in Spain, including individuals as well as organizations ranging from hospitals to government agencies.

General Data Protection Regulation (GDPR)

Mark Zuckerberg's European Appearance: Thumbs Down

Jeremy Kirk • May 23, 2018

European Parliamentarians finally had their opportunity on Tuesday to ask Facebook CEO Mark Zuckerberg questions about its data handling and privacy practices. But the session, which lasted roughly 90 minutes, turned into a somewhat frustrating flop.

Cybercrime

DDoS Attacker Receives 15-Year Sentence

Mathew J. Schwartz • May 21, 2018

John Gammell of New Mexico has been sentenced to serve 15 years in prison for launching DDoS attacks against prior employers and business competitors, as well as for being a convicted felon in possession of firearms.

Governance

Websites Still Under Siege After 'Drupalgeddon' Redux

Jeremy Kirk • May 21, 2018

Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.

Privacy

FCC to Investigate US Mobile Phone Location-Revealing Flaw

Mathew J. Schwartz • May 21, 2018

Following the disclosure of a flaw in the website of LocationSmart that could have been easily exploited to track the location of cellular phone users throughout the U.S. in real time, the Federal Communications Commission has referred the matter to its enforcement bureau for investigation.

Cybercrime

Nonstop Breaches Fuel Spike in Synthetic Identity Fraud

Mathew J. Schwartz • May 18, 2018

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

Data Breach

US Government Plans to Indict Alleged CIA Leaker

Jeremy Kirk • May 16, 2018

A former CIA software engineer who is facing child pornography charges is a possible suspect in the largest-ever leak of classified information from the spy agency. While Joshua A. Schulte has not been charged with the leak, prosecutors have indicated they will soon indict him.

Breach Notification

Nuance Communications Breach Affected 45,000 Patients

Jeremy Kirk • May 14, 2018

Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.