Image: Yahoo

Yahoo Faces Lawsuits Over Breach

Jeremy Kirk • September 27, 2016

Several civil lawsuits have been filed against Yahoo over the compromise of 500 million accounts. But such lawsuits have a mixed record of success in U.S. federal courts.

Anti-Fraud

SWIFT Will Begin Enforcing Mandatory Security Controls

Breach Response

Clinton, Trump Tackle Cybersecurity in Debate

Breach Response

Yahoo's Mega Breach: Security Takeaways

FBI to Ransomware Victims: Please Come Forward

Latest

Encryption

Rep. McCaul: U.S. Must Gain Decryption Edge

Eric Chabrow • September 27, 2016

House Homeland Security Committee Chairman Michael McCall calls on Congress to increase spending on quantum computing research to ensure that the United States is the first nation to employ quantum computing as a tool to decrypt data. "We can't lose this one to the Chinese," he says.

Data Breach

Research Reveals Why Hacked Patient Records Are So Valuable

Marianne Kolbasuk McGee • September 27, 2016

Why are hacked healthcare records so valuable? It's because stolen patient records often end up for sale on the deep web as part of information packages called "fullz" and "identity kits" used by fraudsters to commit a wide variety of crimes, says James Scott of the Institute for Critical Infrastructure Technology.

Data Breach

Why Hashed Passwords Aren't Implemented Correctly

Eric Chabrow • September 27, 2016

The latest ISMG Security Report leads off with a segment in which Managing Editor Jeremy Kirk explains that the massive Yahoo breach not only exposed the accounts of a half-billion customers, but also the weaknesses in the way enterprises employ hashed passwords.

Breach Preparedness

Cloud Security Paradigm: Time for Change?

Varun Haran • September 27, 2016

Cloud computing has already led to a fundamental shift in the enterprise computing paradigm, and security now needs to follow, says Gartner's Steve Riley, who shares recommendations.

Compliance

Outdated BA Agreement Results in $400,000 HIPAA Settlement

Marianne Kolbasuk McGee • September 26, 2016

Federal regulators have entered a $400,000 settlement with an organization that provides centralized corporate support services for a number of New England-area covered entities, citing the lack of an updated business associate agreement. What lessons can be learned from the settlement?

Mobility

Broadening the Scope of Mobile Security

Eric Chabrow • September 26, 2016

Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But NIST cybersecurity experts say organizations should take a much broader approach to ensuring mobile security.

Application Security

Why CISOs Must Make Application Security a Priority

Geetha Nandikotkur • September 26, 2016

As pressure to speed the development of applications intensifies, CISOs must be the "voice of reason," taking a leadership role in ensuring security issues are addressed early in app development process, says John Dickson, principal at Denim Group, a Texas-based security consultancy.

Breach Notification

Yahoo Breach: The Great 'Nation-State' Cop Out

Mathew J. Schwartz • September 26, 2016

Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.

Continuous Monitoring

Clinic Reports Security Incident Involving HIE Access

Marianne Kolbasuk McGee • September 22, 2016

A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.

CISO

Ideas for Filling the Cybersecurity Skills Gap

Eric Chabrow • September 21, 2016

A group of cybersecurity policymakers recommends a series of steps the U.S. federal government and the private sector should take to ensure that the nation will have enough cybersecurity specialists in the coming decade.

Privacy

Hey, Webcam User: Cover Up!

Mathew J. Schwartz • September 21, 2016

FBI Director James Comey, Facebook CEO Mark Zuckerberg and security expert Mikko Hypponen all advocate covering up your webcam as a cheap and no-brainer defense against everything from unscrupulous competitors to sextortionists.

Breach Preparedness

Healthcare Insider Crime Cases Spotlight Challenges

Marianne Kolbasuk McGee • September 20, 2016

Three recent criminal cases involving hospital insiders who allegedly committed a variety of fraud, identity theft or egregious privacy violations that victimized patients highlight just how difficult it is to mitigate insider threats.