Attorney Yarmela Pavlovic of the law firm Hogan Lovells LLP

Analysis: FDA's Reworked Premarket Medical Device Guidance

Marianne Kolbasuk McGee • November 13, 2018

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details.

Breach Response

Eye Clinic Sees Quick Recovery from Ransomware Attack

Latest

Breach Response

Magecart Cybercrime Groups Harvest Payment Card Data

Mathew J. Schwartz • November 13, 2018

Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code. Researchers say they are tracing at least six active Magecart groups, each with unique infrastructure, skimmers and targeting.

Critical Infrastructure Security

Who Hijacked Google's Web Traffic?

Jeremy Kirk • November 13, 2018

Google is investigating an unorthodox routing of internet traffic that on Monday sent traffic bound for its cloud services instead to internet service providers in Nigeria, Russia and China. Security experts say border gateway protocol is to blame and no easy fix is in sight.

Next-Generation Technologies & Secure Development

Threat Intelligence: Less Is More

Mathew J. Schwartz • November 13, 2018

Less can be more when it comes to gathering, consuming and acting on threat intelligence, says Bryn Norton, director of solutions architecture and security at telecommunications giant CenturyLink.

Business Email Compromise (BEC)

French Cinema Chain Fires Dutch Executives Over 'CEO Fraud'

Mathew J. Schwartz • November 13, 2018

French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Cyberwarfare / Nation-state attacks

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Mathew J. Schwartz • November 12, 2018

With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.

Anti-Malware

Lazarus 'FASTCash' Bank Hackers Wield AIX Trojan

Mathew J. Schwartz • November 12, 2018

Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.

Governance

CISO Job Mandate: Be a 'Jack or Jill' of All Trades

Mathew J. Schwartz • November 12, 2018

The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.

Blockchain & Cryptocurrency

Cracking Down on Criminals' Use of Encrypted Communications

Nick Holland • November 9, 2018

An analysis of a crackdown on criminals' use of encrypted communications leads the latest edition of the ISMG Security Report. Also: a preview of ISMG's Healthcare Security and Legal & Compliance summits, including expert insights on vendor risk management.

Cyberwarfare / Nation-state attacks

Election Hacking Probe Gets New Boss After Sessions Quits

Jeremy Kirk • November 8, 2018

U.S. Attorney General Jeff Sessions resigned on Thursday at the request of President Donald Trump. While long expected, the move raises questions about the fate of an ongoing investigation into Russia's election hacking.

General Data Protection Regulation (GDPR)

How Cyber Insurance Is Changing in the GDPR Era

Mathew J. Schwartz • November 7, 2018

Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.

Data Breach

HSBC Bank Alerts US Customers to Data Breach

Mathew J. Schwartz • November 7, 2018

HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry." Security experts say the heist has all the hallmarks of a credential-stuffing attack campaign.

Business Continuity Management / Disaster Recovery

How to Future-Proof the Critical National Infrastructure

Mathew J. Schwartz • November 7, 2018

The challenge when designing technology for critical national infrastructure sectors is that it must be securable today and remain resilient to cyberattacks for decades to come, says cybersecurity Professor Prashant Pillai.