City of Pensacola Recovering From Ransomware Attack

Marianne Kolbasuk McGee • December 10, 2019

The city of Pensacola, Florida, on Tuesday was still recovering from a Saturday ransomware attack that occurred just one day after a shooting incident at Naval Air Station Pensacola. But the FBI reports that it has not identified a connection between the incidents.

Governance

Surviving a Breach: 8 Incident Response Essentials

Latest

Business Continuity Management / Disaster Recovery

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut

Jeremy Kirk • December 10, 2019

Emsisoft has spotted a buggy decryptor for the Ryuk ransomware and developed a custom tool to fix it. But victims will still have to pay the ransom to recover files.

Account Takeover

GDPR Violation: German Privacy Regulator Fines 1&1 Telecom

Mathew J. Schwartz • December 10, 2019

One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.

Encryption & Key Management

Quantum-Proof Cryptography: What Role Will It Play?

Suparna Goswami • December 10, 2019

CISOs need to begin investigating the use of quantum-proof cryptography to ensure security is maintained when extremely powerful quantum computers that can crack current encryption are implemented, says Professor Alexander Ling, principal investigator at the Center for Quantum Technologies in Singapore.

Governance

Banner Health Breach Lawsuit Settled

Marianne Kolbasuk McGee • December 9, 2019

A federal court has granted preliminary approval of a multi-million dollar settlement of a consolidated class action lawsuit filed against Banner Health in the wake of a massive 2016 breach of healthcare and financial information. Here's a rundown of the details.

Finance & Banking

A $200,000 Internet Fraud: Will Anyone Investigate?

Jeremy Kirk • December 9, 2019

Internet crime has grown so rapidly that law enforcement is outpaced. Here's the story of how a Manhattan doctor lost $200,000 in an internet scam, and why he's struggling to get law enforcement's attention.

Cybercrime

Wiper Malware Targets Middle Eastern Energy Firms: Report

Akshaya Asokan • December 6, 2019

A new malware campaign suspected of being tied to Iran has been targeting companies in the energy and industrial sectors in the Middle East, according to a report from IBM X-Force.

Artificial Intelligence & Machine Learning

AI, Machine Learning and Robotics: Privacy, Security Issues

Marianne Kolbasuk McGee • December 6, 2019

The use of artificial intelligence, machine learning and robotics has enormous potential, but along with that promise come critical privacy and security challenges, says technology attorney Stephen Wu.

Endpoint Security

Analysis: Smart TV Risks

Nick Holland • December 6, 2019

The latest edition of the ISMG Security Report offers an analysis of the FBI's security and privacy warnings about smart TVs. Also featured: discussions on the security of connected medical devices and strategies for fighting synthetic identity fraud.

Cybercrime

Skimming Campaign Leveraged Heroku Cloud Platform: Report

Akshaya Asokan • December 5, 2019

Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.

Governance

GOP Federal Privacy Bill Would Supersede CCPA

Suparna Goswami • December 5, 2019

After several moves by Democrats to introduce federal privacy legislation, Republican Senator Roger Wicker on Tuesday unveiled a draft consumer privacy bill, the United States Consumer Data Privacy Act of 2019, that would override various state laws on privacy, including the California Consumer Privacy Act.

3rd Party Risk Management

John Halamka on Privacy, Security of Mayo Clinic Platform

Marianne Kolbasuk McGee • December 5, 2019

In an in-depth interview, John Halamka, M.D., the former long-time CIO at Beth Israel Deaconess Medical Center in Boston, discusses his upcoming move to head Mayo Clinic's global digital health initiative in collaboration with Google - and why privacy and security are so critical to those efforts.

Breach Notification

2 Phishing-Related Health Data Breaches Grow Even Bigger

Marianne Kolbasuk McGee • December 4, 2019

Investigations of two apparently unrelated phishing-related breaches that affected members of Presbyterian Health Plan have revealed the incidents had an even bigger and broader impact than originally thought. This underscores the challenges organizations can face when assessing the true impact of breaches.