Appeals Court Vacates $4.3 Million HIPAA Penalty

Marianne Kolbasuk McGee • January 15, 2021

In a ruling that could have a profound impact on HIPAA enforcement, a U.S. Court of Appeals has vacated a $4.3 million HIPAA civil monetary penalty levied by federal regulators against the University of Texas MD Anderson Cancer Center in the wake of three breaches involving unencrypted mobile devices.

Governance & Risk Management

Ransomware and EHR Systems: A Dangerous Mix

Latest

Forensics

Capitol Riot Suspects Identify Themselves

Mathew J. Schwartz • January 15, 2021

Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.

Cyberwarfare / Nation-State Attacks

Biden Inauguration: Defending Against Cyberthreats

Doug Olenick • January 15, 2021

As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.

Cybercrime

Ransomware Disrupts Scottish Environment Protection Agency

Mathew J. Schwartz • January 15, 2021

The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data. The Conti ransomware-as-a-service operation has claimed credit for the attack and begun to leak the stolen data.

Encryption & Key Management

NSA Offers Guidance on Adopting Encrypted DNS

Prajeet Nair • January 15, 2021

The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.

3rd Party Risk Management

SolarWinds Supply Chain Hack: Investigation Update

Anna Delaney • January 15, 2021

The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.

Critical Infrastructure Security

Does Trump's Second Impeachment Have Cybersecurity Impact?

Jeremy Kirk • January 14, 2021

President Donald Trump has been impeached by the House of Representatives on a charge of inciting an insurrection after a riot at the U.S. Capitol led to the deaths of five people. Many experts don't believe the impeachment will have a direct impact on cybersecurity, but adversaries do look for opportunity in chaos.

Business Continuity Management / Disaster Recovery

CISA Warns of Surge in Attacks Targeting Cloud Services

Scott Ferguson • January 14, 2021

The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting cloud services by waging phishing schemes and brute-force attacks. CISA recommends a number of defenses, including regularly reviewing Active Directory sign-in logs and enforcing multifactor authentication.

Forensics

How Conti Ransomware Works

Doug Olenick • January 14, 2021

Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

Active Defense & Deception

Sizing Up the Role of Deception Technology

Anna Delaney • January 14, 2021

Chris Kubic, former CISO of the National Security Agency, describes how deception technology can change the defensive landscape: "Where deception comes into play is for the unknown threats, the things that are either an attack you haven't seen before or the attacker evolved their technique."

Business Continuity Management / Disaster Recovery

Capitol Breach: Cybersecurity Lessons to Apply

Mathew J. Schwartz • January 13, 2021

The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.

Cybercrime

'SolarLeaks' Site Claims to Offer Attack Victims' Data

Mathew J. Schwartz • January 13, 2021

A new leaks site claims to be selling data from Cisco, FireEye, Microsoft and SolarWinds that was stolen via the SolarWinds supply chain attack. Security experts question whether the offer is legitimate and note that it parallels previous efforts, including by Russia, designed to foil hack attack attribution.

Breach Notification

Mimecast Says Hackers Compromised Digital Certificate

Jeremy Kirk • January 13, 2021

Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.