Warning: All versions of Flash Player are vulnerable to a zero-day, weaponized exploit that became public when Italian spyware vendor Hacking Team was hacked, and 400 GB of corporate data leaked. Adobe has released an update to patch the flaw.
A dozen well-known cryptographers and information security specialists have published a paper explaining why they believe it's unfeasible to create a so-called "backdoor" to allow law enforcement to decrypt encoded information.
Covered entities find it difficult to prevent unauthorized access to patient data by members of their staffs. Preventing breaches involving insiders at business associates can be even trickier, as an incident affecting Meritus Health illustrates.
More than 3,000 National Health Service patients had their personal data exposed when an employee lost an unencrypted memory stick in a parking lot, violating NHS policies. But creating policies isn't the same as enforcing them.
Italian surveillance software maker Hacking Team has confirmed that it was hacked and recommends police, law enforcement and government agencies suspend their use of its software, pending a full breach investigation.
Hacking Team, an Italian vendor of "easy-to-use offensive technology" that it sells to government agencies, has been hacked. Leaked customer lists reportedly name the FBI and DEA, plus the governments of Bahrain, Russia and Sudan, among others.
An unconfirmed post-breach report for bitcoin exchange Bitstamp shows the organization was targeted by a sustained attack that combined phishing via email and Skype with macro malware to successfully steal almost 19,000 bitcoins, worth $5 million.
Cisco announced plans to pay $635 million to purchase cloud security firm OpenDNS to better secure the "Internet of Everything." OpenDNS says the acquisition will leave its products and personnel intact.
HITRUST says a growing number of healthcare organizations, seeking to improve risk management, are requiring that their business associates comply with its Common Security Framework. But some experts question whether that's a viable strategy.
Following its mega-breach, the U.S. Office of Personnel Management suspends use of its online background check application system, citing a vulnerability. Also, the agency now faces a breach-related lawsuit filed on behalf of federal workers.
The Department of Justice has announced the indictments of two individuals in separate fraud cases affecting the University of Pittsburgh Medical Center. The cases spotlight the challenges healthcare organizations face in the fight against fraud.
Just how bad is the U.S. Office of Personnel Management breach? Consider that spies may now have access to every secret - sexual, financial, familial, medical - shared by personnel seeking security clearances to access classified U.S. information.