Latest

Data Breach

Aetna Hit With More Penalties for Two Breaches

Marianne Kolbasuk McGee  •  October 15, 2018

Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update.

Encryption & Key Management

Tech Companies Bristle at Australia's Crypto Legislation

Jeremy Kirk  •  October 15, 2018

The disagreements continue over Australia's efforts to pass legislation that would help law enforcement counter encryption. Technology companies and civil liberties organizations contend the latest draft of legislation would allow for too much secrecy and imperil privacy and security.

Governance

Update: NIST Preparing Privacy Framework

Nick Holland  •  October 15, 2018

Building on the success of the NIST Cybersecurity Framework, the National Institute of Standards and Technology is in the early stages of developing a privacy framework. The effort will kick off with a workshop Tuesday in Austin, Texas, explains Naomi Lefkovitz, who is leading the project.

Cybersecurity

RSA President on the Case for a Risk-Based Security Model

Geetha Nandikotkur  •  October 15, 2018

CISOs and other security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach, says Rohit Ghai, president of RSA. "Cybersecurity conversations are becoming business conversations rather than technology conversations."

Endpoint Security

Medtronic Cardiac Devices Recalled Due to Cyber Concerns

Marianne Kolbasuk McGee  •  October 12, 2018

The FDA has announced a "voluntary recall" by Medtronic of certain internet-connected programmers for implantable cardiac devices due to cybersecurity vulnerabilities. Some security experts are hopeful that this will serve as a wake-up call for more manufacturers to take action on addressing cybersecurity issues.

Endpoint Security

Review Shows Glaring Flaws In Xiongmai IoT Devices

Jeremy Kirk  •  October 12, 2018

Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.

Business Continuity/Disaster Recovery

Safeguarding Critical Infrastructure From Cyberattacks

Nick Holland  •  October 12, 2018

The biggest challenge for any critical infrastructure facing potential cyberattacks is devising ways to maintain business continuity, says cybersecurity specialist Prashant Pillai, who calls for building resilience into network design. He'll be a speaker at ISMG's Security Summit: London, to be held Oct. 23.

An Assessment of Google's Data Leak

Nick Holland  •  October 12, 2018

An in-depth report on the exposure of personal details for 500,00 Google+ accounts leads the latest edition of the ISMG Security Report. Also featured: an update on mitigating the risk of business email compromises and tips for protecting critical infrastructure.

Governance

Network vs. Endpoint Security: Striking the Right Balance

Varun Haran  •  October 12, 2018

With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner.

Anti-Malware

GandCrab Ransomware Partners With Crypter Service

Mathew J. Schwartz  •  October 11, 2018

The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.

Anti-Malware

Magecart Card-Stealing Gang Hits 'Shopper Approved' Plug-In

Mathew J. Schwartz  •  October 10, 2018

A notorious group of payment card-stealing gangs called Magecart has been tied to another series of online attacks, this time against Shopper Approved, an e-commerce service used by thousands of sites to gather reviews from customers.

Business Email Compromise (BEC)

Defending Against Business Email Compromise Attacks

Nick Holland  •  October 10, 2018

What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.