Attorney Adam Greene, partner, Davis Wright Tremaine

Compliance With 2 New Health Data Regs: Avoiding Pitfalls

Marianne Kolbasuk McGee • September 29, 2020

As the compliance dates approach for the Department of Health and Human Services' information blocking and health IT interoperability final rules, organizations need to avoid potential pitfalls, says privacy attorney Adam Greene.

Business Continuity Management / Disaster Recovery

Cybersecurity Leadership: Risk Exposure Awareness

Latest

Cloud Security

Cybersecurity Firm McAfee Files for IPO

Mathew J. Schwartz • September 29, 2020

McAfee is set to become a public company once again, with the cybersecurity firm filing for an IPO with the U.S. Securities and Exchange Commission to trade under "MCFE" on the Nasdaq Stock Market. Separately, Ivanti announced that it would buy security firms MobileIron and Pulse Secure.

Next-Generation Technologies & Secure Development

Building Trust in Quantum Computing

Anna Delaney • September 29, 2020

William Dixon of the World Economic Forum is calling for the formation of a "quantum computing security coalition" to help build trust in the technology, which could play a key role in enhancing security.

Cybercrime

Fresh Joker Malware Variant Targeting Android Users

Chinmay Rautmare • September 29, 2020

A fresh round of Joker malware that targets Android users has been found in Google Play as well as third-party app stores, according to reports from Zscaler and Zimperium. The Joker apps can steal SMS messages, contact lists and device information from infected smartphones.

Cyberwarfare / Nation-State Attacks

Federal Judge Temporarily Blocks Trump's TikTok Ban

Prajeet Nair • September 28, 2020

A federal judge Sunday granted TikTok's request for a temporary injunction to block the Trump administration's order that would have banned the Chinese social media app from the U.S. The order came hours before the ban was scheduled to go into effect.

Cloud Security

Microsoft Shutters Azure Apps Used by China-Linked Hackers

Akshaya Asokan • September 26, 2020

Microsoft removed 18 apps from its Azure cloud platform that were being used by hackers as part of their command-and-control infrastructure. The threat group, called Gadolinium, was abusing the infrastructure to launch phishing email attacks, Microsoft researchers say.

Forensics

Warning: Attackers Exploiting Windows Server Vulnerability

Akshaya Asokan • September 25, 2020

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Cyberwarfare / Nation-State Attacks

Facebook Removes More Accounts Linked to Russia

Chinmay Rautmare • September 25, 2020

Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure.

Critical Infrastructure Security

Calls Grow to Restore White House Cybersecurity Leader Role

Prajeet Nair • September 25, 2020

The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish a White House cybersecurity coordinator role. The position would coordinate the government's response to online attacks and other cybersecurity challenges facing the nation.

Breach Notification

Analysis: Are Darknet Markets Here to Stay?

Anna Delaney • September 25, 2020

The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress.

Cybercrime

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Mathew J. Schwartz • September 25, 2020

With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.

Fraud Management & Cybercrime

How a Phishing Awareness Test Went Very Wrong

Jeremy Kirk • September 25, 2020

Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships.

Governance & Risk Management

NIST Unveils Updated Guide to Privacy, Security Controls

Akshaya Asokan • September 24, 2020

The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.