GandCrab Ransomware: Cat-and-Mouse Game Continues

Mathew J. Schwartz • November 16, 2018

A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.

Data Breach

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Latest

Cybersecurity

Texas Hospital Hit With Dharma Ransomware Attack

Marianne Kolbasuk McGee • November 16, 2018

An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

3rd Party Risk Management

China's Hack Attacks: An Economic Espionage Campaign

Nick Holland • November 16, 2018

An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.

Governance

Do the HIPAA Rules Hamper Coordinated Patient Care?

Marianne Kolbasuk McGee • November 15, 2018

Federal regulators plan to seek public comments on whether the HIPAA rules create barriers to sharing patient information among healthcare providers, hampering the ability to coordinate care. But some regulatory experts argue the problem is not the rules, but misunderstandings about what they allow.

Cybercrime

Romanian Hacker 'Guccifer' Extradited to US

Mathew J. Schwartz • November 15, 2018

The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server and admitted to hacking numerous email and social media accounts, has been extradited from Romania to begin serving his 52-month U.S. prison sentence.

Critical Infrastructure Security

Congress Approves New DHS Cybersecurity Agency

Howard Anderson • November 14, 2018

The United States will soon officially have a single agency that takes the lead role for cybersecurity. Congress has passed legislation to establish the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. The measure awaits President Trump's signature.

Anti-Fraud

Using Unsupervised Machine Learning: The Challenges

Varun Haran • November 14, 2018

While unsupervised machine learning techniques get away from the data labeling and classification that most supervised systems require, they are dependent on the quality and variety of the data provided, says Gartner's Jonathan Care.

Anti-Malware

Endpoint Security: Managing the Impact on Clinical Workflow

Marianne Kolbasuk McGee • November 14, 2018

When implementing endpoint security solutions in healthcare environments, a critical consideration is the impact of the technology on clinical workflow, says Dave Summitt, CISO at the H. Lee Moffitt Cancer Center and Research Institute.

Next-Generation Technologies & Secure Development

Threat Intelligence: Less Is More

Mathew J. Schwartz • November 13, 2018

Less can be more when it comes to gathering, consuming and acting on threat intelligence, says Bryn Norton, director of solutions architecture and security at telecommunications giant CenturyLink.

Endpoint Protection Platforms (EPP)

Analysis: FDA's Reworked Premarket Medical Device Guidance

Marianne Kolbasuk McGee • November 13, 2018

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details.

Breach Response

Breach of Obamacare Site Spilled Sensitive Data

Howard Anderson • November 12, 2018

More than two weeks after announcing that the Obamacare website, HealthCare.gov, had been hacked, the Department of Health and Human Services has revealed that the breach exposed a wealth of information, including partial Social Security numbers and immigration status.

Anti-Malware

Lazarus 'FASTCash' Bank Hackers Wield AIX Trojan

Mathew J. Schwartz • November 12, 2018

Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.

Governance

CISO Job Mandate: Be a 'Jack or Jill' of All Trades

Mathew J. Schwartz • November 12, 2018

The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.