'Rex Mundi' Hacker Extortion Group: Busted

Mathew J. Schwartz • June 18, 2018

Cyber extortion group Rex Mundi has been shut down following the arrest of seven suspects in France and a French national in Thailand, police say. Investigators began pursuing the group last year after it stole customer data from a British firm and demanded $770,000 to not publicly release it.

Anti-Malware

Geneology Service MyHeritage Leaked 92 Million Credentials

Latest

Data Breach

$4.3 Million HIPAA Penalty for 3 Breaches

Marianne Kolbasuk McGee • June 18, 2018

A lack of device encryption will cost a Texas-based cancer treatment center $4.3 million in civil monetary penalties from the Department of Health and Human Services.

Cybersecurity

Cybersecurity Insurance: How Underwriting Is Changing

Nick Holland • June 18, 2018

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.

Breach Notification

PageUp Breach: Job Winners Hit Hardest

Jeremy Kirk • June 15, 2018

Nearly three weeks after human resources software vendor PageUp discovered malware on its system, the tally of what data was exposed remains unclear, although successful job applicants appear to have been hardest hit.

Authentication

Analysis: Distraction Tactics Used in Banco de Chile Hack

Nick Holland • June 15, 2018

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.

Endpoint Security

Strong Opinions Voiced on Medical Device Security Challenges

Marianne Kolbasuk McGee • June 14, 2018

A House committee that asked the healthcare sector for feedback on how to improve the cybersecurity of legacy medical devices has received some very strong opinions on the subject. Find out what commenters had to say.

Cyberwarfare / Nation-state attacks

Visual Journal: Infosecurity Europe 2018

Mathew J. Schwartz • June 14, 2018

When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.

Breach Notification

Health System Seeks Patients' Help to Mitigate Email Mishap

Marianne Kolbasuk McGee • June 13, 2018

A breach involving misdirected emails to nearly 56,000 patients allegedly tied to a sorting error by a business associate has taken an unusual twist: The organization involved, Dignity Health, is asking for patients' help in mitigating the privacy mishap. But could that move prove to be counterproductive?

Anti-Malware

Banco de Chile Loses $10 Million in SWIFT-Related Attack

Jeremy Kirk • June 13, 2018

Banco de Chile has become the latest victim of a SWIFT-related malware incident. Attackers first corrupted thousands of PCs' master boot records as a distraction. Then they used fraudulent SWIFT messages to steal $10 million.

Application Security

Should the FDA Create a Cybersecurity Measuring Stick?

Marianne Kolbasuk McGee • June 12, 2018

The FDA should consider some sort of measuring stick when assessing a vendor's cybersecurity culture to determine if it qualifies for the agency's proposed fast-path program for premarket approval of "software as a medical device" products, some industry stakeholders say.

Breach Notification

PageUp Breach: Personal Data Exposed

Jeremy Kirk • June 12, 2018

PageUp, an HR software developer in Australia with clients worldwide, is warning that malware-wielding attackers may have accessed a raft of personal data stored in its systems. The breach may be the largest to have hit Australia since its mandatory data breach notification law went into effect in February.

Business Email Compromise (BEC)

74 Arrests in Business Email Compromise Takedown

Howard Anderson , Nick Holland • June 11, 2018

A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the U.S. Department of Justice announced Monday.

Cyberwarfare / Nation-state attacks

US Imposes More Russian Sanctions for Cyberattacks

Nick Holland • June 11, 2018

The U.S. Treasury Department announced Monday that it has imposed sanctions on five Russian organizations and three individuals, the latest move by the Trump administration in response to Russian cyberattacks.