A hacking incident at a Nebraska-based medical supply company ranks as the second largest business associate health data breach reported so far this year. A log review was the key to detecting the intrusion.
Canada led North America in EMV adoption, and now it is seeing a commensurate growth in card-not-present fraud. Gord Jamieson of Visa Canada describes how Visa is responding to this latest wave of CNP fraud.
Equifax is disputing Bloomberg's report that it suffered an undisclosed data breach, discovered in March, that predates the massive breach that began in May. Instead, Equifax says the March incident involved its payroll service and that it notified all victims and required regulators.
Many recent data breaches, including the Equifax incident, show that "applications are really the vulnerable entry point into organizations and ultimately to organizations' data," says Alex Mosher of CA Technologies.
A former systems administrator who worked at a Pennsylvania clinic group for only about three weeks has been sentenced to 27 months in prison in a case involving wire fraud and hacking computers. The case highlights the importance of managing administrative credentials, especially when employees leave.
For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.
Pressure continues to mount on credit reporting bureau Equifax over its massive data breach. In its wake, Equifax announced that its CIO and CSO would "retire" immediately and said that the Apache Struts flaw exploited by attackers was known to the security team.
The U.S. Treasury Department has announced sanctions against 11 individuals and organizations linked to Iran, some of whom have been accused of helping to launch distributed denial-of-service attacks against dozens of U.S. banks from 2011 to 2013.
Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.
Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner.
In cryptocurrency we trust: The government of North Korea has been turning to bitcoin exchange heists and cryptocurrency mining - potentially using malware installed on other countries' systems - to evade sanctions and fund the regime, security experts say.
The Trump administration is directing U.S. federal executive branch agencies to remove anti-virus software from Russian-owned Kaspersky Lab from their computers within 90 days. Kaspersky denies "inappropriate" ties to Russian government.
Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.
Leveraging intelligence culled from the Dark Web will help boost information security for enterprises, says Avi Rembaum of Check Point Software Technologies.
Equifax has yet to describe how its site was breached, except to blame a vague "U.S. website application vulnerability." But some security experts suspect that an unpatched flaw in Apache Struts, fixed by Apache in March, might have been exploited.
