Moody's Changes Equifax's Outlook to 'Negative'

Scott Ferguson • May 24, 2019

Moody's has changed its financial outlook for Equifax to "negative" from "stable," reflecting concerns about how the credit reporting giant is recovering from the 2017 data breach that exposed the personal information of 148 million Americans.

Cybercrime

Lack of Secure Coding Called a National Security Threat

Latest

Data Loss

Instagram Bans Social Media Company After Data Exposure

Jeremy Kirk • May 24, 2019

Instagram has revoked the access of an Indian social media marketing company after personal details of some of its users ended up in an unprotected database online. Instagram says the number of affected users - first reported at 49 million - is inaccurate, and the exposed data from Instagram was already public.

Application Security

Security at the Speed of the Cloud

Tom Field • May 24, 2019

Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises. Dan Fitzgerald, a CISO at the consultancy McKinsey & Co., shares insights on how to make these transitions.

Video

Multilayered Security Gets Personal

Tom Field • May 24, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Breach Preparedness

Healthcare's Unique Digital Transformation

Tom Field • May 24, 2019

The term "digital transformation" is not just marketing buzz; it's the here and now for many organizations. And the healthcare sector is uniquely impacted, says Stuart Reed of Nominet in the wake of a recent roundtable discussion.

Application Security

WannaCry Still Causing Tears 2 Years On

Nick Holland • May 24, 2019

The latest edition of the ISMG Security Report assesses the legacy of WannaCry ransomware two years on. Also featured: the evolving role of healthcare CISOs; threat mitigation recommendations based on the 2019 Verizon Data Breach Investigations Report.

Data Breach

Cloud-Based EHR Vendor Slapped With HIPAA Fine

Marianne Kolbasuk McGee • May 23, 2019

Federal regulators have smacked a cloud-based electronics health records vendor with a $100,000 HIPAA settlement in the wake of a 2015 cyberattack that affected millions of individuals. What's the focus of the enforcement action?

Cybercrime

Owner of Defunct Firm Fined in LeakedSource.com Case

Scott Ferguson • May 23, 2019

The former owner of the company behind the LeakedSource.com website, which trafficked in billions of stolen login credentials, will pay a fine equivalent to the money he made off the scam, according to the Royal Canadian Mounted Police.

Anti-Malware

E-Commerce Skimming Attacks Evolve Into iFrame Injection

Jeremy Kirk • May 22, 2019

Criminal gangs have been hitting e-commerce sites hard lately by injecting their malicious code to "skim" customers' payment card details. In a recent twist, Malwarebytes spotted a malicious iFrame that steps in front of the normal payment process to intercept card details.

Data Breach

Misconfigured IT (Again) Leads to Big Health Data Breach

Marianne Kolbasuk McGee • May 22, 2019

A misconfigured IT setting has landed a Puerto Rico-based clearinghouse and cloud software services vendor at the top of federal regulators' list of largest health data breaches so far this year. Why do these types of mistakes keep happening?

Anti-Malware

MuddyWater APT Group Upgrades Tactics to Avoid Detection

Scott Ferguson • May 21, 2019

MuddyWater, an advanced persistent threat group that has targeted organizations in the Middle East, has changed some of its tactics to better avoid detection as it continues to plant backdoors within targeted networks, according to new research from Cisco Talos.

Anti-Money Laundering (AML)

Whistleblower Everett Stern: 'Do the Right Thing'

Tom Field • May 20, 2019

It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

Cloud Access Security Brokers (CASB)

Phishing: Mitigating Risk, Minimizing Damage

Marianne Kolbasuk McGee • May 20, 2019

As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage.