President Trump fields questions at a press conference in Helsinki on July 16. (Photo: White House)

How Trump Talks About Russian Hacking

Mathew J. Schwartz • July 19, 2018

President Donald Trump has stated that he believes the Russian government attempted to interfere in U.S. elections. But at times, he appears to have also suggested that the interference may be attributable to other countries instead.

Cyberwarfare / Nation-state attacks

Why You Can Take Fraud Advice From This Ex-Con

Latest

Endpoint Security

LabCorp Still Recovering From Ransomware Attack

Marianne Kolbasuk McGee • July 20, 2018

Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware. What can other organizations do to avoid becoming the next victim?

Breach Notification

Hackers Grab 1.5 Million Patients' Details in Singapore

Mathew J. Schwartz • July 20, 2018

Singapore's largest healthcare group has suffered a hack attack that exposed 1.5 million residents' personal details. But authorities say the "deliberate, targeted and well-planned attack" appears to have been principally designed to steal medical information pertaining to the country's prime minister.

Endpoint Security

Bank Hackers Exploit Outdated Router to Steal $1 Million

Mathew J. Schwartz • July 20, 2018

Hackers stole at least $920,000 from Russia's PIR Bank after they successfully compromised an outdated, unsupported Cisco router at a bank branch office and used it to tunnel into the bank's local network, reports incident response firm Group-IB.

Cyberwarfare / Nation-state attacks

Trump's Views on Russian Election Meddling: A History

Nick Holland • July 20, 2018

This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.

Cybersecurity

Robocalling Firm Leaves Virginia Voter Data Online

Jeremy Kirk • July 19, 2018

RoboCent, a company that specializes in robocalling voters, left nearly 3,000 files containing detailed data about Virginia voters online by mistake. The data has been secured, but the incident points again to ongoing problems of security misconfigurations in repositories and lack of end-to-end encryption.

Cybercrime

Greece Will Send Russian Cybercrime Suspect to France

Mathew J. Schwartz • July 19, 2018

A Greek court has ruled that Russian national Alexander Vinnik will be sent to France to face cybercrime charges. The U.S. has accused Vinnik of laundering $4 billion in bitcoins via the BTC-e exchange, which it said also handled stolen Mt. Gox and Silk Road bitcoins.

Electronic Healthcare Records

FDA: Make Sure EHRs Used for Clinical Studies Are Secure

Marianne Kolbasuk McGee • July 18, 2018

The FDA has issued new guidance spelling out its policy for organizations using electronic health record data in FDA-regulated clinical investigations, such as studies of the long-term safety of various drugs. Among other criteria, the EHRs need to contain certain privacy and security controls, the agency says.

Biometrics

Facial Recognition Backlash: Technology Giants Scramble

Mathew J. Schwartz • July 18, 2018

Silicon Valley employees are increasingly calling on executives to restrict the use of facial recognition technology, mobilized in part by the U.S. government's previous policy of separating children from parents at the border. Experts say facial recognition regulations are needed - and quickly.

Blockchain Applications

Using Blockchain to Support a New Approach to ID Management

Nick Holland • July 18, 2018

Blockchain, the digital ledger used for cryptocurrency, can serve as an effective identity management platform, asserts Chris Boscolo, CEO of ZNO Labs, who describes an approach he calls "self-sovereign identity."

Cyberwarfare / Nation-state attacks

Trump's DNC 'Server' Conspiracy Rebutted

Mathew J. Schwartz • July 17, 2018

Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server. Some security experts say Trump's response was nonsense and flies in the face of good digital forensics and incident response practice.

Data Breach

Telefónica Movistar Site Exposed Customer Billing Details

Jeremy Kirk • July 17, 2018

A Spanish consumer rights organization says telecommunications company Telefónica has fixed an elementary security error in its Movistar website that potentially exposed billing invoices for millions of customers. Telefónica says it hasn't detected fraudulent use of the data.

Breach Notification

Travel-Related Breaches: Mitigating the Risks

Marianne Kolbasuk McGee • July 16, 2018

The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks.