EU Claims Kaspersky Lab Software 'Confirmed as Malicious'

Mathew J. Schwartz • June 15, 2018

The anti-Kaspersky Lab rhetoric continues to heat up, with the European Parliament passing a motion that brands the Moscow-based firm's software as being "confirmed as malicious." In response, Kaspersky Lab has halted all work with European institutions, including Europol, pending clarification.

Breach Notification

RSA Fraud Report: Newsjacking-Based Phishing on the Rise

Latest

Breach Notification

PageUp Breach: Job Winners Hit Hardest

Jeremy Kirk • June 15, 2018

Nearly three weeks after human resources software vendor PageUp discovered malware on its system, the tally of what data was exposed remains unclear, although successful job applicants appear to have been hardest hit.

Authentication

Analysis: Distraction Tactics Used in Banco de Chile Hack

Nick Holland • June 15, 2018

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.

Endpoint Security

Strong Opinions Voiced on Medical Device Security Challenges

Marianne Kolbasuk McGee • June 14, 2018

A House committee that asked the healthcare sector for feedback on how to improve the cybersecurity of legacy medical devices has received some very strong opinions on the subject. Find out what commenters had to say.

Cyberwarfare / Nation-state attacks

Visual Journal: Infosecurity Europe 2018

Mathew J. Schwartz • June 14, 2018

When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.

Breach Notification

Health System Seeks Patients' Help to Mitigate Email Mishap

Marianne Kolbasuk McGee • June 13, 2018

A breach involving misdirected emails to nearly 56,000 patients allegedly tied to a sorting error by a business associate has taken an unusual twist: The organization involved, Dignity Health, is asking for patients' help in mitigating the privacy mishap. But could that move prove to be counterproductive?

Anti-Malware

Banco de Chile Loses $10 Million in SWIFT-Related Attack

Jeremy Kirk • June 13, 2018

Banco de Chile has become the latest victim of a SWIFT-related malware incident. Attackers first corrupted thousands of PCs' master boot records as a distraction. Then they used fraudulent SWIFT messages to steal $10 million.

Application Security

Should the FDA Create a Cybersecurity Measuring Stick?

Marianne Kolbasuk McGee • June 12, 2018

The FDA should consider some sort of measuring stick when assessing a vendor's cybersecurity culture to determine if it qualifies for the agency's proposed fast-path program for premarket approval of "software as a medical device" products, some industry stakeholders say.

Breach Notification

PageUp Breach: Personal Data Exposed

Jeremy Kirk • June 12, 2018

PageUp, an HR software developer in Australia with clients worldwide, is warning that malware-wielding attackers may have accessed a raft of personal data stored in its systems. The breach may be the largest to have hit Australia since its mandatory data breach notification law went into effect in February.

Business Email Compromise (BEC)

74 Arrests in Business Email Compromise Takedown

Howard Anderson , Nick Holland • June 11, 2018

A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the U.S. Department of Justice announced Monday.

Cyberwarfare / Nation-state attacks

US Imposes More Russian Sanctions for Cyberattacks

Nick Holland • June 11, 2018

The U.S. Treasury Department announced Monday that it has imposed sanctions on five Russian organizations and three individuals, the latest move by the Trump administration in response to Russian cyberattacks.

Authentication

Chip and No Signature: What's Behind the Move?

Nick Holland • June 11, 2018

Although all the major credit card brands have dropped the requirement for obtaining signatures to verify point-of-sale transactions made with EMV payment cards, they're not pushing strongly for using PINs instead, leaving that authentication decision to card issuers, says Linda Kirkpatrick of Mastercard.

Endpoint Security

Medical Device Cyber Vulnerabilities: More Alerts

Marianne Kolbasuk McGee • June 8, 2018

The Department of Homeland Security has issued two more alerts about cyber vulnerabilities in certain medical devices. The stream of recent advisories is helping to draw more attention to the importance of addressing device security. But healthcare providers face the challenge of tracking and mitigating all risks.