Russian-language cybercrime forum MagBo sells access to hacked websites for as little as 50 cents. (Source: Flashpoint)

Cybercrime Markets Sell Access to Hacked Sites, Databases

Mathew J. Schwartz • September 21, 2018

One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.

Application Security

Wielding EternalBlue, Hackers Hit Major US Business

Latest

Governance

Hospitals Fined $1 Million After TV Crews Film Patients

Marianne Kolbasuk McGee • September 20, 2018

HIPAA privacy violations can come in many forms. Case in point: Federal regulators have smacked three Boston hospitals with settlements totaling nearly $1 million for allowing crews for the documentary TV show "Boston Med" to film on their premises without obtaining authorization from patients.

Breach Notification

Canada Prepares for New Breach Notification Era

Tom Field • September 20, 2018

November 1 ushers in a whole new era of breach notification requirements for Canada. What are the new standards, and how prepared are Canadian organizations? Attorney Imran Ahmad shares insights.

Breach Preparedness

New Hacker Exploits and How to Fight Them

Nick Holland • September 19, 2018

Hackers are constantly developing new exploits, and updating defenses is not an easy task. Dan Larson of Crowdstrike discusses some the new techniques hackers are using and how to fight them off.

Fraud

The Need for Security Collaboration

Nick Holland • September 19, 2018

Today's cybercriminals don't operate in silos, so why do companies? Saba Shariff of Symcor discusses techniques for greater collaboration on security.

General Data Protection Regulation (GDPR)

GDPR: The Global Impact on Privacy

Nick Holland • September 19, 2018

Richard Henderson of Infosec Global discusses the impact of the European Union's General Data Protection Regulation and how the law is influencing privacy frameworks globally.

Application Security

Managing Open Source Risks

Nick Holland • September 19, 2018

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.

General Data Protection Regulation (GDPR)

GDPR Compliance: Common Misconceptions

Marianne Kolbasuk McGee • September 19, 2018

Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data.

Breach Preparedness

Hospital Insider PHI Theft Case: Lessons to Learn

Marianne Kolbasuk McGee • September 18, 2018

A case involving alleged insider theft of protected health information from a hospital in New York illustrates why healthcare organizations need to take extra precautions to prevent similar incidents. Security experts offer recommendations.

Cybercrime

Police in Europe Tie Card Fraud to People-Smuggling Gang

Mathew J. Schwartz • September 17, 2018

Coordinated police raids in Germany and Sweden have resulted in the arrest of two Syrian nationals suspected of running a cyber fraud operation that purchased stolen card data to book hundreds of airline and train tickets to help smuggle people from the Middle East into Europe.

Data Breach

Are State AGs Picking Up Slack in HIPAA Enforcement?

Marianne Kolbasuk McGee • September 14, 2018

Is a recent HIPAA settlement issued by the New York state attorney general's office another sign that states might begin to overshadow federal regulators when it comes to enforcement actions involving health data security and privacy?

Encryption & Key Management

Intel Patches Firmware Flaw That Leaks ME Encryption Keys

Jeremy Kirk • September 14, 2018

Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.

Breach Response

Europe Catches GDPR Breach Notification Fever

Mathew J. Schwartz • September 14, 2018

Less than four months after GDPR enforcement began, Europe has arguably entered the modern data breach notification era. Reports of data breaches continue to increase, and breached organizations now face the specter of class-action lawsuits over material as well as non-material damages.