2 Medical Practices Among Latest Ransomware Attack Victims

Marianne Kolbasuk McGee • June 17, 2019

A urology practice in Ohio and an eye care provider in Indiana are among the latest victims of ransomware attacks in the healthcare sector. Some security experts suspect that such attacks are still underreported to regulators.

Endpoint Security

What Stands Out in Proposed Premera Lawsuit Settlement?

Multiple Class Action Lawsuits Filed in AMCA Breach

Cybercrime

GoldBrute Botnet Brute-Force Attacking 1.5M RDP Servers

3rd Party Risk Management

Vendor Security Risk Management: A Growing Concern

Latest

Endpoint Security

DHS Is Latest to Warn of BlueKeep Vulnerability

Scott Ferguson • June 17, 2019

Yet another warning has been issued about the BlueKeep vulnerability in older versions of Microsoft Windows. The latest comes from the Department of Homeland Security, which tested a remote code execution exploit.

Governance

GAO: After Equifax Breach, KBA No Longer Effective

Scott Ferguson • June 17, 2019

Some federal agencies inappropriately continue to rely on knowledge-based authentication to prevent fraud and abuse even though this method is no longer trustworthy because so much personal information that's been breached is readily available to fraudsters, a new U.S. Government Accountability Office report notes.

Critical Infrastructure Security

Xenotime Group Sets Sights on Electrical Power Plants

Scott Ferguson • June 17, 2019

Xenotime, the group suspected of launching the Trisis malware attack in Saudi Arabia during 2017, has over the past few months shifted its focus beyond the oil and gas industry to target electrical plants and utilities, security firm Dragos reports.

Governance

Enhancing Security by Red Teaming

Nick Holland • June 17, 2019

James Stanger, chief technology evangelist at CompTIA, explains why red teaming can prove highly beneficial in improving organizational security controls.

Critical Infrastructure Security

Two Weekend Outages, Neither a Cyberattack

Mathew J. Schwartz • June 17, 2019

Not all that crashes has been hacked. To wit, this past weekend there were multiple major outages, including much of Argentina and Uruguay going dark, as well as U.S. retailer Target's system problems leaving customers unable to pay for goods. But none of these outages were due to cyberattacks.

Cybercrime

10 Highlights: Infosecurity Europe 2019 Keynotes

Mathew J. Schwartz • June 14, 2019

Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.

Cybercrime

Assange Extradition Hearing Won't Occur Until February

Scott Ferguson • June 14, 2019

A British judge has determined that an extradition hearing for WikiLeaks founder Julian Assange won't be held until next February. The U.S. is asking for the extradition so Assange can face espionage charges.

Fraud Management & Cybercrime

Instagram Shows Kids' Contact Details in Plain Sight

Jeremy Kirk • June 14, 2019

Tens of thousands of minors on Instagram expose their email addresses and phone numbers, which child-safety and privacy experts say is worrisome. The kids have turned their profiles from personal ones to business ones, which Instagram mandates must have contact details. But is that appropriate for a child?

Cybercrime

Analysis: The Cybersecurity Risks Major Corporations Face

Nick Holland • June 14, 2019

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?

Geo Focus: The United Kingdom

Fusing Security With Digital Transformation for SMBs

Nick Holland • June 13, 2019

Digital transformation impacts the way that organizations deal with cybersecurity risk, says Tim Wilkinson of Avast Business, who provides advice how to place security at the center of the transformation.

Training & Security Leadership

Addressing the Human Element in Cybersecurity

Nick Holland • June 13, 2019

James Mackay of MetaCompliance explains techniques for educating and motivating employees to be more aware of cyber risks.

Artificial Intelligence & Machine Learning

Empower Employees While Preventing Insider Data Breaches

Mathew J. Schwartz • June 13, 2019

Carelessness, a lack of security awareness, unclear data ownership and poor toolsets are root causes of insider breaches, says Tony Pepper, CEO of Egress, which recently surveyed CISOs and employees to trace the cause of insider breaches resulting from both intentional and unintentional loss.