The former CEO of Yahoo, which has had 3 billion records exposed in a 2013 data breach, testified at a Senate hearing that it's tough for any corporation to defend against nation-state backed cyberattacks. That led senators to grill Marissa Mayer about the security steps Yahoo had taken.
Ransomware and other cyberattacks will be the biggest health technology hazard in 2018, according to the ECRI Institute. It's the first time the patient safety research organization has listed cyber issues as the top threat.
Researchers have discovered how to speed up an attack disclosed last month that recovers secret RSA encryption keys generated by faulty Infineon software in TPM chips. Estonia has blocked and plans to replace weak security certificates on 750,000 of its smart ID cards used for healthcare and e-voting.
The acting director of the U.S. Office of Personnel Management cites "audit fatigue" as a factor that explains why the federal agency, which experienced a massive data breach in 2015, continues to come up short in securing its information systems.
Fraudulent SWIFT money-moving attacks continue, as one of Nepal's largest private-sector commercial banks, NIC Asia Bank, says attackers tried to steal $4.4 million after hacking its SWIFT server. Most of the funds have since been recovered.
Equifax says four senior executives - including its CFO - did not know the company had suffered one of the worst breaches in history when they collectively sold about $1.8 million worth of shares. Equifax's board found that 12 days elapsed before the first of the four learned about the hack.
Although far fewer major health data breaches these days involve the loss or theft of unencrypted mobile devices, regulators are reminding healthcare entities to remain vigilant to the risks involved in using laptops and other portable computing devices.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.
Nearly 50,000 personal records relating to Australian government employees as well as the employees of two banks and a utility were exposed to the internet due to a misconfigured Amazon storage server. The episode is the latest in a string of large breaches to hit Australia.
In the wake of recent massive data breaches, such as the Equifax hack, a flood of stolen data is leading to a whole new wave of account takeover crimes, says Emma Mohan-Satta of Kaspersky Lab. How can organizations refine their defenses?
Thom Langford, CISO of Publicis Groupe, says all companies should consider two essential elements when crafting an incident response plan: strong legal representation and a communications plan that considers both internal and external messaging.
CareFirst BlueCross BlueShield has filed a petition asking the Supreme Court to review a case filed against the health insurer in the wake of a 2014 cyberattack that impacted 1.1 million individuals, potentially becoming the first health data breach case to reach the high court.
The U.S. Justice Department has identified at least six members of the Russian government that investigators believe orchestrated last year's hack of Democratic National Committee computers and dumping of stolen information and may file charges next year, the Wall Street Journal reports.
"Are we vulnerable to the attacks that are being reported in the media?" All CEOs and boards of directors should be asking that question of their information security team to ensure they don't suffer the same fate - especially when it comes to ransomware outbreaks, says David Stubley of 7 Elements.