Vendetta Network advertises for freelancers who want to install malware on POS terminals.

5 Business Secrets of Cybercrime Masterminds

Mathew J. Schwartz • September 30, 2016

Want to build a cybercrime empire predicated on selling stolen payment card data? Here's how carder forum Vendetta Network blends outsourcing, partnerships and best-of-breed tools to maximize profits while minimizing risk.

Breach Response

Yahoo's Mega Breach: Security Takeaways

Latest

Anti-Malware

Fancy Bear's Sloppy Mac Malware

Jeremy Kirk • September 30, 2016

A new kind of malware for Mac OS X has been linked to Fancy Bear, the Russian group suspected of hacking the DNC and the World Anti-Doping Agency. But the malware only poses a low risk to users, experts say.

Cybersecurity

Why Cybercrime Is On the Rise; Update on Threat Info Sharing

Eric Chabrow • September 30, 2016

The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the status of the U.S. government's cyberthreat information sharing initiative.

ID & Access Management

Why Are We So Stupid About Passwords? Yahoo Edition

Mathew J. Schwartz • September 30, 2016

The Yahoo breach - and the theft of unencrypted security questions and answers - is a reminder to use unique passwords and security questions, store them using a password safe and take advantage of two-factor authentication whenever it's available.

HIPAA/HITECH

What's Needed: More HHS Guidance, or New HIPAA Security Rule?

Marianne Kolbasuk McGee • September 28, 2016

A new watchdog agency report says HHS needs to provide much more guidance on how healthcare organizations should implement controls identified by the NIST Cybersecurity Framework. But some security experts are calling for bolder action - an update of the HIPAA Security Rule.

DDoS

IBM Blamed for Australian Census Debacle

Jeremy Kirk • September 28, 2016

The Australian Bureau of Statistics blames IBM for failing to stop distributed denial-of-service attacks that crippled its website on the evening of the country's largest-ever online census. But were census-takers misinterpreted as DDoS attackers?

Encryption

Rep. McCaul: US Must Gain Decryption Edge

Eric Chabrow • September 27, 2016

House Homeland Security Committee Chairman Michael McCall calls on Congress to increase spending on quantum computing research to ensure that the United States is the first nation to employ quantum computing as a tool to decrypt data. "We can't lose this one to the Chinese," he says.

Data Breach

Research Reveals Why Hacked Patient Records Are So Valuable

Marianne Kolbasuk McGee • September 27, 2016

Why are hacked healthcare records so valuable? It's because stolen patient records often end up for sale on the deep web as part of information packages called "fullz" and "identity kits" used by fraudsters to commit a wide variety of crimes, says James Scott of the Institute for Critical Infrastructure Technology.

Breach Preparedness

Cloud Security Paradigm: Time for Change?

Varun Haran • September 27, 2016

Cloud computing has already led to a fundamental shift in the enterprise computing paradigm, and security now needs to follow, says Gartner's Steve Riley, who shares recommendations.

Compliance

Outdated BA Agreement Results in $400,000 HIPAA Settlement

Marianne Kolbasuk McGee • September 26, 2016

Federal regulators have entered a $400,000 settlement with an organization that provides centralized corporate support services for a number of New England-area covered entities, citing the lack of an updated business associate agreement. What lessons can be learned from the settlement?

Mobility

Broadening the Scope of Mobile Security

Eric Chabrow • September 26, 2016

Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But NIST cybersecurity experts say organizations should take a much broader approach to ensuring mobile security.

Application Security

Why CISOs Must Make Application Security a Priority

Geetha Nandikotkur • September 26, 2016

As pressure to speed the development of applications intensifies, CISOs must be the "voice of reason," taking a leadership role in ensuring security issues are addressed early in app development process, says John Dickson, principal at Denim Group, a Texas-based security consultancy.

Breach Notification

Yahoo Breach: The Great 'Nation-State' Cop Out

Mathew J. Schwartz • September 26, 2016

Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.