Latest

Authentication

Phishing Attack Last Year Exposed Health Data on 417,000

Marianne Kolbasuk McGee  •  August 17, 2018

Augusta University Health in Georgia says it just recently concluded that a phishing attack that occurred - and was detected - 10 months ago resulted in a breach potentially exposing information on 417,000 individuals. Security experts are questioning why the breach determination took so long.

Cybercrime

Australian Teenager Pleads Guilty to Hacking Apple

Mathew J. Schwartz  •  August 17, 2018

An Australian teenager was such a fan of Apple that he hacked into the technology giant's mainframe, according to media reports. The teen has pleaded guilty to stealing 90 GB of sensitive information. But Apple says no customers' personally identifiable information was exposed.

►

Artificial Intelligence & Machine Learning

Planning for the Shifting Threat Landscape

Varun Haran  •  August 17, 2018

The best way to take a holistic approach to the current threat landscape is to define security issues as business problems and then put the problem before the solution - not the other way around, contends RSA CTO Zulfikar Ramzan.

►

Anti-Malware

Fighting Sandbox-Evading Malware

Varun Haran  •  August 17, 2018

Malware detection needs to shift to detecting anomalous behavior, rather than depending on signature-based detection technologies to deal with such threats as sandbox-evading malware, says Verizon's Ashish Thapar.

Finance

Widespread Phishing Campaign Targets Financial Institutions

Nick Holland  •  August 17, 2018

A phishing attack on Wednesday fueled by the Necurs botnet targeted at least 2,700 banking institutions of various sizes in the U.S. and around the world, explains Aaron Higbee of Cofense, which detected the attack.

Data Breach

The Industrial Internet of Things: Emerging Risks

Nick Holland  •  August 17, 2018

Leading the latest edition of the ISMG Security Report: Chris Morales of the cybersecurity firm Vectra discusses how the industrial internet of things is changing the nature of industrial espionage and disruption.

Breach Preparedness

Cyber Warnings About Certain Philips Medical Devices

Marianne Kolbasuk McGee  •  August 16, 2018

The Department of Homeland Security and Philips have issued alerts about cyber vulnerabilities that have been identified in some of the company's medical devices. Are device makers becoming more forthcoming about cyber issues?

►

Next-Generation Technologies & Secure Development

Analysis: Updates to STIX, TAXII Standards

Varun Haran  •  August 16, 2018

The STIX and TAXII standards for threat intel interchange have undergone a major upgrade to v2.0. LookingGlass CTO Allan Thomson, who's been closely involved in its development, describes the role of these enhanced standards.

►

Blockchain Applications

How Hackers Are Targeting Initial Coin Offerings

Jeremy Kirk  •  August 15, 2018

The proliferation of cryptocurrency and blockchain projects is posing enticing new opportunities for hackers, says Aleksandr Lazarenko of Group-IB.

Breach Preparedness

HHS OIG Finds Security Flaws in Maryland's Medicaid System

Marianne Kolbasuk McGee  •  August 15, 2018

Maryland's Medicaid system has "numerous significant" security weaknesses that need to be addressed, according to a federal watchdog agency. Earlier audits of other state Medicaid programs have yielded similar results

Business Continuity/Disaster Recovery

Should Staff Ever Use Personal Devices to Access Patient Data?

Marianne Kolbasuk McGee  •  August 14, 2018

When is it acceptable to allow healthcare workers to use their personal smartphones to access patient records? A recent incident at the Oklahoma Department of Veterans Affairs spotlights the dilemma.

Compliance

HIPAA Security Rule Turns 20: It's Time for a Facelift

Marianne Kolbasuk McGee  •  August 10, 2018

As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.