Latest

Endpoint Security

Bill Aims to Fill Consumer Health Device Data Privacy 'Gap'

Marianne Kolbasuk McGee  •  November 19, 2019

In the wake of Google's plan to buy Fitbit, two U.S. senators have introduced legislation that aims to protect the privacy of consumer health data collected on wearable devices. Meanwhile, a House committee is scrutinizing the healthcare system Ascension's sharing of patient data with Google.

Endpoint Security

IoT Security: 20 Years Behind Enterprise Computing

Jeremy Kirk  •  November 19, 2019

While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.

Cyberwarfare / Nation-State Attacks

This Time, Election Protection Bill Gets Bipartisan Support

Scott Ferguson  •  November 18, 2019

A bill passed by a committee last week and sent to the U.S. House floor would empower two federal agencies to investigate vulnerabilities in voting equipment and propose new ways to better protect it from attack.

Governance

Watchdog Agencies Report on VA Privacy, Security Woes

Marianne Kolbasuk McGee  •  November 18, 2019

Two recent reports issued by separate watchdog agencies spotlight data privacy and security challenges at the Department of Veterans Affairs. What were the critical concerns?

Governance

Compromised Website Led to Australia Parliament Hack

Jeremy Kirk  •  November 18, 2019

The Australian Parliament's computer network was compromised in January after politicians browsed a legitimate website that was compromised. The watering-hole style attack resulted in a small amount of non-sensitive data being revealed, according to the leader of the Senate.

Fraud Management & Cybercrime

Roger Stone Found Guilty on All 7 Counts

Scott Ferguson  •  November 15, 2019

Roger J. Stone, Jr., a long-time associate of President Donald Trump, was found guilty Friday of lying to Congress, obstruction and witness tampering related to his efforts to feed the Trump campaign inside information about WikiLeaks in 2016. He'll be sentenced in February.

Cybercrime

New JavaScript Skimmer Found on E-Commerce Sites

Scott Ferguson  •  November 15, 2019

Security researchers at Visa have uncovered a new type of JavaScript skimmer that has infected the online checkout pages for at least 17 e-commerce websites in an effort to steal payment card data. Dubbed "Pipka," this skimmer has new capabilities to avoid detection.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland  •  November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Account Takeover

DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency

Scott Ferguson  •  November 14, 2019

A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S. Justice Department announced Thursday.

Business Continuity Management / Disaster Recovery

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Akshaya Asokan  •  November 14, 2019

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

Device Identification

Why Medical Device Security Is So Challenging

Marianne Kolbasuk McGee  •  November 14, 2019

Bolstering medical device security is a top priority at Fort Worth, Texas-based Cook Children's Health Care System, says CIO Theresa Meadows, who's a leader of two cybersecurity advisory groups.

Endpoint Security

Report Calls for Enforcing Voting Machine Standards

Akshaya Asokan  •  November 13, 2019

A new report calls for the creation of a federal certification program that makes sure vendors that build election infrastructure - including voting machines - meet cybersecurity standards.