Lawsuit Claims HIV Data Exposed in Leak

Marianne Kolbasuk McGee • February 24, 2020

A lawsuit seeking class action status filed against UW Medicine in the wake of a data leak incident has been amended to reflect that at least one HIV patient allegedly had their data exposed. Why are data breaches tied to IT misconfiguration a growing problem?

Business Continuity Management / Disaster Recovery

After Malware Attack, Doctor Network Had Widespread Outage

Latest

Business Email Compromise (BEC)

BEC Group Favors G-Suite, Physical Checks: Report

Akshaya Asokan • February 24, 2020

A business email compromise group targeting U.S. businesses is using G-Suite for their scams and collecting money through physical checks instead of wire transfers, according to the security firm Agari.

Cybercrime

FBI Makes Arrest in DDoS Attack on Candidate's Website

Ishita Chigilli Palli • February 24, 2020

The FBI has arrested a suspect who's charged in connection with waging distributed denial-of-service attacks against the campaign website of an unsuccessful 2018 Democratic candidate for the U.S. House in California.

Governance

New Mexico Sues Google Over Children's Privacy

Jeremy Kirk • February 24, 2020

New Mexico is suing Google, alleging the company violates a federal child privacy law by collecting the personal data of students younger than age 13 without their parents' consent. Google rejects the lawsuit's claims, saying they are "factually incorrect."

Application Security

'Privacy by Design' Implementation Tips

Suparna Goswami • February 24, 2020

Implementing the concept of "privacy design" requires a series of critical steps, says Heikki Tolvanen, chief legal engineer at PrivacyAnt, a Finland-based privacy consulting firm, who offers insights on mistakes to avoid.

Breach Notification

Defense Department Agency Reports Data Breach

Apurva Venkat • February 21, 2020

A U.S. Defense Department agency that's responsible for providing secure communications and IT equipment for the president and other top government officials says a data breach of one of its systems may have exposed personal data, including Social Security numbers.

Cyberwarfare / Nation-State Attacks

US, UK Blame Russia for Cyberattack in Country of Georgia

Scott Ferguson • February 21, 2020

U.S. and U.K. officials are blaming the Russian military for launching an October 2019 cyberattack on the country of Georgia that crippled at least 2,000 government, news media and court websites over the course of one day.

Cybercrime

SMS Phishing Campaign Used to Spread Emotet: Report

Ishita Chigilli Palli • February 21, 2020

Mobile banking customers are being targeted by yet another SMS phishing campaign, according to new research from IBM X-Force. This time, however, in addition to trying to steal usernames and credentials, the attackers are also attempting to install Emotet malware.

Business Continuity Management / Disaster Recovery

What to Look for at RSA 2020 Conference

Nick Holland • February 21, 2020

This special edition of the ISMG Security Report offers a preview of top keynote presentations at the RSA 2020 conference, plus a look at important themes and health tips for attendees.

Fraud Management & Cybercrime

GAO: Census Bureau Comes Up Short on Cybersecurity

Akshaya Asokan • February 20, 2020

The U.S. Census Bureau has not done enough to address cybersecurity issues in preparation for the 2020 census, which is slated to begin in April, according to a new report from the Government Accountability Office.

Fraud Management & Cybercrime

Phishing Campaigns Tied to Coronavirus Persist

Apurva Venkat • February 20, 2020

As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud. Here's an update on the latest developments.

Governance

Coronavirus Update: Tips for Travel

Tom Field • February 19, 2020

Globally, the coronavirus has infected more than 75,000 people and led to over 2,000 deaths. But business travelers should avoid panic, says pandemic expert Regina Phelps, who offers preventive health tips for those headed to international events, such as the RSA 2020 conference.

Endpoint Security

Preview: 12 Top Keynote Sessions at RSA Conference 2020

Mathew J. Schwartz • February 19, 2020

Are you attending the RSA 2020 conference? To help navigate the show, here's a preview of 12 top keynote sessions featuring some of the biggest names in cybersecurity tackling critical subjects, including cryptography, critical infrastructure security, bug bounties and supply chain risks.