Robert M. Lee, CEO of Dragos

Power Grid Malware: Don't Freak Out, But Do Prepare

Mathew J. Schwartz • July 28, 2017

While the power grid malware unleashed against Ukraine could be repurposed to attack other grids, "it's not to the point yet where people should be freaking out or building bunkers or anything silly like that," says Robert M. Lee, who heads industrial cybersecurity firm Dragos.

Anti-Money Laundering (AML)

Police Seize World's Two Largest Darknet Marketplaces

Latest

Breach Preparedness

The Growing Global Maturity of Cyber Insurance

Tom Field • July 28, 2017

When it comes to risk, attorney Mark Doepel sees what he describes as "high cyber awareness, but low cyber literacy" among senior business leaders. But as nations adopt new breach legislation, boards and C-suites need to develop a deeper, granular understanding of risk - and fast.

Breach Notification

Australia's Breach Notification Law: What to Watch

Jeremy Kirk • July 28, 2017

Australia's mandatory data breach notification law, which goes into effect next February, brings a host of new requirements. Gordon Hughes, an attorney and data protection expert, discusses what organizations need to be aware of ahead of its implementation.

Anti-Malware

Understanding Small-Business Cyber-Insurance Marketplace

Eric Chabrow • July 28, 2017

A look at why the market for cyber insurance among small business struggles leads the latest edition of the ISMG Security Report. Also, how adware evolves into more troubling malware.

Breach Notification

Anthem's Latest Headache: Business Associate Breach

Marianne Kolbasuk McGee • July 27, 2017

Health insurer Anthem Inc., still dealing with the aftermath of a 2015 cyberattack that impacted nearly 79 million individuals, now is coping with another - albeit smaller - breach incident. This one involves a business associate's former employee who's currently incarcerated.

Data Breach

Second Fraudster Pleads Guilty in UPMC Breach Case

Marianne Kolbasuk McGee • July 26, 2017

A federal court has ordered the deportation of a Venezuelan citizen who is the second person to plead guilty for their role in a conspiracy to commit more than $2 million of tax fraud using identities stolen by hackers from a University of Pittsburgh Medical Center employee database.

Cybersecurity

Business-Driven Security: Protect What Matters Most

Tom Field • July 26, 2017

By 2020, organizations will be spending $100 billion annually on cybersecurity products and services. But are they securing the assets that matter most to their enterprises? RSA's Peter Beardmore discusses the emerging concept of business-driven security.

Anti-Malware

Mac 'Fruitfly' Infections More Numerous Than Believed

Jeremy Kirk • July 26, 2017

It has been a fairly slow year for Mac malware. But a former NSA researcher has dug into the first Mac malware sample that was detected earlier this year - dubbed "Fruitfly" - and found at least 400 computers, and possibly more, infected with a variant of the malware.

Breach Notification

HHS Makes Changes to 'Wall of Shame' Breach Reporting Site

Marianne Kolbasuk McGee • July 25, 2017

HHS has made changes to a website widely referred to as the "wall of shame" that lists major health data breaches. The changes came after some members of Congress complained that the website unfairly exposes breached organizations to endless public scrutiny.

Cybersecurity

Would Talking to Russians About Cyber Reward Bad Behavior?

Eric Chabrow • July 25, 2017

In an in-depth interview, two security experts go head-to-head over the appropriateness of the White House engaging the Kremlin on cybersecurity matters in light of Russia's hacking of the 2016 U.S. presidential election.

Anti-Malware

20 Hot Sessions: Black Hat 2017

Mathew J. Schwartz • July 25, 2017

Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.

Data Breach

Inappropriate Access to Patient Records Spanned 14 Years

Marianne Kolbasuk McGee • July 24, 2017

Inappropriate access to electronic patient records by a clerk for 14 years at a state-run psychiatric facility in Massachusetts shows just how difficult it can be to detect and prevent long-term breaches involving insiders.

Breach Notification

Sweden Grapples with Sensitive Data Leak Scandal

Jeremy Kirk • July 24, 2017

Sweden is grappling with the fallout from a data breach that occurred two years ago and the scope of which has only recently trickled out. It resulted in the prosecution of the former head of the Transport Agency and deep questions over an outsourcing arrangement with IBM.