Facilities like this one that pre-sort mail before entering the U.S. Postal Service were disrupted by ransomware. (Photo: Pitney Bowes)

Pitney Bowes Says Ransomware Behind System Outages

Jeremy Kirk • October 15, 2019

Pitney Bowes says it was infected by file-encrypting malware that has affected online accounts and mailing products but that client data doesn't appear to be at risk. The postage meter maker says "all options" are being considered for recovery, meaning that it could pay a ransom.

Endpoint Security

Health Data Breach Tally: Ransomware Proliferates

Latest

Blockchain & Cryptocurrency

Libra Association Launched Amidst Defections, Congressional Scrutiny

Akshaya Asokan • October 15, 2019

The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.

Cybercrime

FIN7 Gang Returns With New Malicious Tools: Researchers

Apurva Venkat • October 15, 2019

Despite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.

Legislation & Litigation

How Has FTC Data Security Enforcement Changed?

Marianne Kolbasuk McGee • October 15, 2019

In the wake of a federal appeals court ruling last year vacating a Federal Trade Commission enforcement action against LabMD, the FTC's data security consent orders are becoming far more detailed and rigorous, says former FTC attorney Julie O'Neill.

Cybercrime

Stung by Takedowns, Criminals Tap Distributed Dark Markets

Mathew J. Schwartz • October 15, 2019

Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.

3rd Party Risk Management

Analysis: New ISO Privacy Standard

Suparna Goswami • October 15, 2019

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.

Governance

CCPA Amendments Signed; Draft Regulations Released

Scott Ferguson • October 14, 2019

Gov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.

Breach Notification

Hepatitis Patients' Data Exposed

Marianne Kolbasuk McGee • October 14, 2019

The Philadelphia Department of Public Health inadvertently exposed on its website the records of thousands of hepatitis patients, according to a local news report. The incident points to the need for better staff training, one expert says.

Cyberwarfare / Nation-State Attacks

Nation-State Hackers Greatest Threat to 5G Networks: Report

Apurva Venkat • October 11, 2019

Nation-state attackers from outside the European Union pose the greatest threat to the continent's upcoming 5G networks, according to a new security assessment, which sidesteps the issue of Chinese firm Huawei's role in building these networks.

Account Takeover

Singapore Man Charged in Large-Scale Cryptomining Scheme

Apurva Venkat • October 11, 2019

A Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.

3rd Party Risk Management

Analysis: Twitter's Phone Number Repurposing 'Mistake'

Nick Holland • October 11, 2019

The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.

Biometrics

Privacy: How Technology Is Outpacing Regulation

Suparna Goswami • October 10, 2019

To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.

Cybercrime

Volusion Payment Platform Sites Hit by Attackers

Scott Ferguson • October 9, 2019

A security researcher has uncovered credit card skimming attacks targeting websites that use a cloud-based payment platform from Volusion. Among the victims: The Sesame Street Live online store.