In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.
German prosecutors on Monday indicted four executives of insolvent commercial spyware firm FinFisher for illegally exporting their hacking tool to Turkey. The indictment comes as a European Parliament committee concluded an investigation of bloc members' use of commercial spyware.
The American Hospital Association is urging federal regulators to back off from recent guidance that treats patient IP addresses as protected health information, saying that the new rules would "reduce public access to credible health information" and create hardships for doctors and hospitals.
A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.
Healthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.
Five years after the effective date of the General Data Protection Regulation, the European Union privacy law - hailed as a way to protect the privacy of citizens in an increasingly digital world - continues to be marred by criticism over its lack of effectiveness and uneven implementation.
Hospital chain CommonSpirit has upped its estimate on the financial toll incurred by a ransomware incident last fall that disrupted IT systems and patient services at some of its facilities for weeks. But company officials reportedly expect many of the costs to be covered by the company's insurance.
Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.
As the largest media company at RSA Conference 2023, ISMG conducted more than 160 individual interviews with CEOs, CISOs, government leaders, investors, researchers and attorneys. This compendium covers every facet of cybersecurity, from the latest technology solutions to emerging trends.
Breach notifications from British outsourcing giant Capita mount amid signs the multibillion-pound company doesn't have a firm grip on how much data it exposed. For a company that trumpets its ability to "achieve better outcomes," Capita's inability to grasp the impact of its breaches is ironic.
European Union lawmakers have criticized the British government's updated privacy bill over concerns that it fails to adequately protect European citizens' fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry.
Cyber programs must go beyond the digital realm and address physical security challenges around buildings and data centers even though there isn't a tool to implement. Firms often adopt physical security measures such as a secure data center with cameras and locked doors only when it's required.
Possibly Russian hackers likely compromised the official email address of Ukraine's embassy in Tajikistan to send phishing emails to organizations located in central Asia, Israel and India. The Computer Emergency Response Team of Ukraine tracks the campaign as UAC-0063.
An IT security analyst has confessed to trying to blackmail his employer by altering ransom notes sent from a hacker to a board member and changing the cryptocurrency payment address to one he controlled. After his employer detected the unusual activity, U.K. police traced it back to the worker.
Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch the vulnerability.