Photo: Blogtrepreneur, via Flickr/CC.

Surveying 17 Anti-Virus Firms on Their Security Practices

Mathew J. Schwartz • October 21, 2017

The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to describe exactly what security controls they offer, here's how 17 anti-virus answered - or have yet to answer.

Anti-Malware

Hyatt Hotels Suffers International Payment Card Data Breach

Latest

Anti-Malware

Anti-Virus: Don't Stop Believing

Mathew J. Schwartz • October 21, 2017

Will all of the anonymously lobbed U.S. government allegations against Moscow-based security vendor Kaspersky Lab send anti-virus users running for the hills? Don't let it, one security expert says, noting that ditching AV would be a gift to cybercriminals and intelligence agencies alike.

Compliance

HIPAA Compliance: Self-Insured Company Reports Breach

Marianne Kolbasuk McGee • October 20, 2017

A lawn mower engine manufacturer's notification to federal regulators of a health data breach impacting thousands of its workers highlights the HIPAA compliance duties for businesses that are self-insured for healthcare.

Anti-Malware

DMARC: A Close Look at the Email Validation System

Eric Chabrow • October 20, 2017

An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.

Data Breach

Employees Sue Home Health Provider After Phishing Breach

Marianne Kolbasuk McGee • October 19, 2017

A class action lawsuit claims that thousands of employees of a home healthcare firm were harmed by the disclosure of their personal information as a result of a business email compromise scam. Earlier, regulators fined the company for another breach.

Anti-Fraud

IRS Chief Defends Taxpayer Data Protection Efforts

Eric Chabrow • October 18, 2017

The Internal Revenue Service is pushing back at critics who contend the tax agency isn't doing enough to secure its information technology. Commissioner John Koskinen cites headway in preventing criminals from gaining access to tax filers' personally identifiable information.

Business Continuity/Disaster Recovery

Clinic Pays Ransom After Backups Encrypted in Attack

Marianne Kolbasuk McGee • October 17, 2017

A small Missouri clinic admits paying a ransom to unlock data after a ransomware attack in August encrypted patient data on a file server, as well as backups. The incident spotlights the dilemmas healthcare organizations can face after a ransomware attack if they're not well-prepared.

Authentication

DHS Imposes Email Security Measures on Federal Agencies

Eric Chabrow • October 17, 2017

A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.

Anti-Malware

Profiling DHS Secretary-Designate Kirstjen Nielsen

Eric Chabrow • October 17, 2017

A look at President Donald Trump's pick for the Department of Homeland Security secretary, Kirstjen Nielsen, leads the latest edition of the ISMG Security Report. Also featured: Equifax's and TransUnion's problem with dubious code.

Cloud Computing

Blood Test Results Exposed in Cloud Repository

Marianne Kolbasuk McGee • October 16, 2017

An apparently misconfigured Amazon repository that exposed on the web medical data for approximately 150,000 patients serves as another important reminder of the need to protect cloud-based health information from being inadvertently accessible to the public.

Breach Response

A Conversation With the Cyber Gang 'The Dark Overlord'

Eric Chabrow • October 13, 2017

A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.

Breach Notification

Hacker Steals Joint Strike Fighter Plans in Australia

Mathew J. Schwartz • October 12, 2017

A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.

Data Breach

Report: North Korean Hackers Stole War Plans

Mathew J. Schwartz • October 11, 2017

North Korea's leaders apparently blew a gasket over "The Interview," a comedy film that centered on an assassination plot against North Korea's leader. So how might the country have reacted to U.S.-South Korean "decapitation strike" plans reportedly stole last year by Pyongyang-affiliated hackers?