Why Adding Technical Experts to Boards Is Urgent

Tracy Kitten • September 20, 2017

Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.

Breach Response

Equifax CEO: 'We Will Make Changes'

Latest

Endpoint Security

Inspector General: IRS's Aging IT Puts Taxpayer Data at Risk

Eric Chabrow • September 20, 2017

The use of aging computer hardware at the Internal Revenue Service is introducing "unnecessary risks" to sensitive taxpayer information, a new report reveals. But fixing the problem will be costly.

Anti-Malware

Kaspersky Lab Debate: Put Up or Shut Up

Mathew J. Schwartz • September 20, 2017

Information security professionals to the U.S. government: Please put up or shut up over Moscow-based cybersecurity firm Kaspersky Lab, by either showing evidence that others can independently judge, or else dropping your vague insinuations.

Breach Response

Medical Supply Firm Hacked; Log Review Key to Detection

Marianne Kolbasuk McGee • September 19, 2017

A hacking incident at a Nebraska-based medical supply company ranks as the second largest business associate health data breach reported so far this year. A log review was the key to detecting the intrusion.

Breach Notification

Equifax Disputes Report of Undisclosed Breach From March

Jeremy Kirk • September 19, 2017

Equifax is disputing Bloomberg's report that it suffered an undisclosed data breach, discovered in March, that predates the massive breach that began in May. Instead, Equifax says the March incident involved its payroll service and that it notified all victims and required regulators.

Data Breach

Former Systems Administrator Gets Prison Time

Marianne Kolbasuk McGee • September 18, 2017

A former systems administrator who worked at a Pennsylvania clinic group for only about three weeks has been sentenced to 27 months in prison in a case involving wire fraud and hacking computers. The case highlights the importance of managing administrative credentials, especially when employees leave.

Anti-Malware

Avast Distributed Trojanized CCleaner Windows Utility

Mathew J. Schwartz • September 18, 2017

For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.

Compliance

Top Democrat Likens Equifax to Enron as FTC Launches Probe

Mathew J. Schwartz • September 16, 2017

Equifax is facing increased scrutiny from Congress, including a bill that would mandate free credit freezes for consumers, on demand. But a true fix would require Congress to give U.S. government consumer watchdogs more power.

DDoS

US Sanctions Iranian Nationals Over DDoS Bank Attacks

Mathew J. Schwartz • September 15, 2017

The U.S. Treasury Department has announced sanctions against 11 individuals and organizations linked to Iran, some of whom have been accused of helping to launch distributed denial-of-service attacks against dozens of U.S. banks from 2011 to 2013.

Anti-Malware

CDDC: One Secure Screen for Classified, Secret and Public Networks

Jeremy Kirk • September 15, 2017

Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.

Anti-Malware

Report: North Korea Seeks Bitcoins to Bypass Sanctions

Mathew J. Schwartz • September 14, 2017

In cryptocurrency we trust: The government of North Korea has been turning to bitcoin exchange heists and cryptocurrency mining - potentially using malware installed on other countries' systems - to evade sanctions and fund the regime, security experts say.

Anti-Malware

Kaspersky Software Ordered Removed From US Gov't Computers

Eric Chabrow • September 13, 2017

The Trump administration is directing U.S. federal executive branch agencies to remove anti-virus software from Russian-owned Kaspersky Lab from their computers within 90 days. Kaspersky denies "inappropriate" ties to Russian government.

Breach Notification

Equifax's Latest Data Breach: Argentina

Jeremy Kirk • September 13, 2017

Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.