Latest

Governance

Do the HIPAA Rules Hamper Coordinated Patient Care?

Marianne Kolbasuk McGee  •  November 15, 2018

Federal regulators plan to seek public comments on whether the HIPAA rules create barriers to sharing patient information among healthcare providers, hampering the ability to coordinate care. But some regulatory experts argue the problem is not the rules, but misunderstandings about what they allow.

Cybercrime

Romanian Hacker 'Guccifer' Extradited to US

Mathew J. Schwartz  •  November 15, 2018

The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server and admitted to hacking numerous email and social media accounts, has reportedly been extradited from Romania to begin serving his 52-month U.S. prison sentence.

Anti-Malware

InfoWars: Magecart Infection Points to 'Industrial Sabotage'

Jeremy Kirk  •  November 15, 2018

InfoWars' website was briefly affected by the Magecart payment card skimming malware, a finding that triggered a fiery response from the far right commentary site. But InfoWars is just one in a long line of victims of the malware.

Critical Infrastructure Security

Congress Approves New DHS Cybersecurity Agency

Howard Anderson  •  November 14, 2018

The United States will soon officially have a single agency that takes the lead role for cybersecurity. Congress has passed legislation to establish the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. The measure awaits President Trump's signature.

Data Breach

Nordstrom Blames Breach of Employee Data on Contractor

Jeremy Kirk  •  November 14, 2018

The department store chain Nordstrom says it doesn't believe that employees' personal data, which was exposed in an October data breach due to a contractor's error, has been misused. The retailer says the breach exposed no customer data.

Breach Response

Magecart Cybercrime Groups Harvest Payment Card Data

Mathew J. Schwartz  •  November 13, 2018

Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code. Researchers say they are tracing at least six active Magecart groups, each with unique infrastructure, skimmers and targeting.

Critical Infrastructure Security

Who Hijacked Google's Web Traffic?

Jeremy Kirk  •  November 13, 2018

Google is investigating an unorthodox routing of internet traffic that on Monday sent traffic bound for its cloud services instead to internet service providers in Nigeria, Russia and China. Security experts say border gateway protocol is to blame and no easy fix is in sight.

►

Next-Generation Technologies & Secure Development

Threat Intelligence: Less Is More

Mathew J. Schwartz  •  November 13, 2018

Less can be more when it comes to gathering, consuming and acting on threat intelligence, says Bryn Norton, director of solutions architecture and security at telecommunications giant CenturyLink.

Endpoint Protection Platforms (EPP)

Analysis: FDA's Reworked Premarket Medical Device Guidance

Marianne Kolbasuk McGee  •  November 13, 2018

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details.

Business Email Compromise (BEC)

French Cinema Chain Fires Dutch Executives Over 'CEO Fraud'

Mathew J. Schwartz  •  November 13, 2018

French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Cyberwarfare / Nation-state attacks

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Mathew J. Schwartz  •  November 12, 2018

With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.

Breach Response

Breach of Obamacare Site Spilled Sensitive Data

Howard Anderson  •  November 12, 2018

More than two weeks after announcing that the Obamacare website, HealthCare.gov, had been hacked, the Department of Health and Human Services has revealed that the breach exposed a wealth of information, including partial Social Security numbers and immigration status.