Latest

Fraud Management & Cybercrime

Insider Medicaid Fraud Case: 'An Important Reminder'

Marianne Kolbasuk McGee  •  July 16, 2019

The sentencing of a former worker at a substance abuse treatment provider in connection with a Medicaid fraud conspiracy "is an important reminder about the threats from insiders," one privacy attorney says.

Application Security

How a Big Rock Revealed a Tesla XSS Vulnerability

Jeremy Kirk  •  July 16, 2019

Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.

Endpoint Security

Broadcom Reportedly Suspends Bid for Symantec

Scott Ferguson  •  July 15, 2019

Broadcom has reportedly suspended its effort to acquire Symantec after the two companies failed to agree on a price for the deal. The negotiations had been ongoing for several weeks.

Cybercrime

'Sea Turtle' DNS Hijackers Expand Reach

Jeffrey Burt  •  July 15, 2019

The group behind the Sea Turtle espionage campaign that was exposed in April is expanding its geographic reach and claiming new victims, according to researchers with Cisco's Talos unit.

Cybercrime

Phishing Campaign Tied to Amazon Prime Day

Akshaya Asokan  •  July 15, 2019

In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users.

Cybercrime

Software Engineer Charged With Stealing Company Secrets

Scott Ferguson  •  July 12, 2019

A former software engineer for an Illinois-based locomotive manufacturer allegedly stole proprietary information and other intellectual property from the company before fleeing to China, according to an indictment the U.S. Justice Department unsealed Thursday.

Security Operations

The Future SOC: Harmonizing Detection and Response

Jeremy Kirk  •  July 12, 2019

The success of security operations centers will depend on how well they blend key technologies - including detection, user behavior analytics and orchestration, says Haiyan Song of Splunk, who offers strategic insights.

Active Defense & Deception

Analysis: The Significance of GDPR Fines

Nick Holland  •  July 12, 2019

The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.

3rd Party Risk Management

Battling Supply Chain Security Risks

Marianne Kolbasuk McGee  •  July 12, 2019

Incidents involving supply chain vendors pose increasingly significant risks to health data, says Rick McElroy of Carbon Black, who addresses "island hopping" and other emerging threats.

Fraud Management & Cybercrime

Report: Ransomware Targets QNAP Storage Devices

Akshaya Asokan  •  July 11, 2019

A new ransomware strain called eCh0raix is targeting enterprise storage devices sold by QNAP Network by exploiting vulnerabilities in the gear and bypassing weak credentials using brute-force techniques, warns security firm Anomali.

HIPAA/HITECH

Premera Signs $10 Million Breach Settlement With 30 States

Marianne Kolbasuk McGee  •  July 11, 2019

Health insurer Premera Blue Cross has signed a $10 million HIPAA settlement with the attorneys general of 30 states in the wake of a 2014 data breach that exposed personal information on more than 10.4 million individuals nationwide.

3rd Party Risk Management

Managing Third-Party Risks: CISOs' Success Strategies

Suparna Goswami  •  July 11, 2019

As more organizations rely on third parties for various services, managing the security risks involved is becoming a bigger challenge. Three CISOs offer insights on their real-world strategies for success.