Russian-born Alexander Tverdokhlebov has been sentenced to serve nine years in U.S. prison after pleading guilty to causing damages of between $9.5 million and $25 million by running botnets, using malware to steal payment card data, selling "dumps" of that data as well as hiring money mules.
The latest edition of the ISMG Security Report leads off with a multi-part report explaining why President Donald Trump sought to create a joint U.S.-Russian cybersecurity unit and then backed off. Also, ransomware's impact on emergency services providers.
Kudos to the breached business - in this case, kiosk manufacturer Avanti Markets - that quickly alerts victims and gives them actionable information for protecting themselves. Unfortunately, not all breached businesses are so forthright, as some recent data leaks demonstrate.
Regulators will not penalize healthcare providers that attested to meeting HITECH Act "meaningful use" incentive payment requirements using electronic health records from eClinicalWorks, a vendor that recently settled a false claims case with federal prosecutors.
Avanti Markets is warning 1.6 million users of its self-service kiosk vending machines that malware-wielding hackers infected about 1,900 of its machines and stole names and payment card data, but not biometric information. Point-of-sale malware called Poseidon appears to be involved.
President Donald Trump backtracked on a pledge that the United States and Russia would work together to improve global cybersecurity by forming a joint working group after his proposal was criticized by both Republican and Democratic lawmakers.
Although it's important to work with law enforcement after a data breach, organizations need to be careful about what information they share, says attorney Ruth Promislow, partner at Bennett Jones LLP.
As healthcare organizations build patient portals, they must address user authentication and a variety of other security issues, much like those involved in online banking, says Erik Devine, chief security officer at Riverside Healthcare in Illinois.
Analytics can play a critical role in cracking down on identity fraud, says Shaked Vax, Trusteer products strategist at IBM Security, who explains how to use the latest tools to identify network intruders.
Good news for some ransomware victims: The master key used to encrypt the original versions of Petya ransomware has been released. But the key cannot be used to decrypt the "NotPetya" malware that recently began crypto-locking PCs.
Recent ransomware attacks against a healthcare provider in Texas and police and fire departments in Tennessee spotlight the importance of keeping an eye out for multiple attacks happening simultaneously and having disaster recovery plans in place - especially for emergency services.
The latest edition of ISMG Security Report leads with a conversation with DataBreachToday Executive Editor Mathew J. Schwartz on how the NotPetya malware spread from its Ukraine origins. Also, why tech users can't secure their systems.
Healthcare organizations that rely too heavily on HIPAA compliance are coming up short when it comes to security, says Jennings Aske, an attorney who's CISO at New York-Presbyterian. A far better approach, he says, is to rely on the NIST cybersecurity framework or other comprehensive frameworks.