Mueller Report: With Russian Hacking Laid Bare, What Next?

Mathew J. Schwartz • April 19, 2019

Robert Mueller's report into Russian interference clearly states: "The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion." In the wake of the Trump administration lifting some Russian sanctions, one expert says it must take the opposite tack.

Cybersecurity

Coping With Burnout in the CISO Role

Latest

Breach Response

Facebook Password, Email Contact Mishandling Worsens

Jeremy Kirk • April 19, 2019

Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.

Cybercrime

Leak Exposes OilRig APT Group's Tools

Scott Ferguson • April 19, 2019

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

Endpoint Security

The Dangers of Unsecured Medical Devices

Marianne Kolbasuk McGee • April 19, 2019

Mitigating medical device cybersecurity risks can be a matter of life and death, warns federal adviser and security expert Anura Fernando, who says ensuring that medical device network connections are properly managed, monitored and secured is "much like keeping a weapon in a safe with the safety on."

Cybercrime

Not So 'Smart' - Child Tech Has Hackable Flaws

Mathew J. Schwartz • April 19, 2019

A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.

Compliance

Why a Furniture Maker Had to Report a Health Data Breach

Marianne Kolbasuk McGee • April 18, 2019

Sometimes, even a furniture manufacturer must report a health data breach to comply with the HIPAA Breach Notification Rule. Compliance experts explain the requirements for certain employers.

Anti-Malware

Researchers: Malware Can Be Hidden in Medical Images

Marianne Kolbasuk McGee • April 17, 2019

A "flaw" in the file format of the DICOM standard for communication of medical imaging information could be exploited to hide malware in MRI and CT scans alongside patient data, according to a new research report. But the developer of DICOM contends the feature isn't a flaw and any risks can be mitigated.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

DDoS

Ecuador Hit With 'Cyberattacks' After Assange's Arrest

Scott Ferguson • April 17, 2019

The government of Ecuador has been hit with millions of "cyberattacks" following its withdrawal of asylum protection for WikiLeaks founder Julian Assange and his arrest by British police last week, an Ecuadorian official says.

Cloud Security

'Alexa, Are You HIPAA Compliant?'

Marianne Kolbasuk McGee • April 16, 2019

Boston Children's Hospital is pioneering the use of Amazon's Alexa voice assist technology in the healthcare sector. John Brownstein, the hospital's chief innovation officer, discusses the security measures involved.

Breach Preparedness

Data Breaches in Healthcare Affect More Than Patient Data

Marianne Kolbasuk McGee • April 15, 2019

Two recent data breaches at organizations in the healthcare sector illustrate that systems beyond those directly related to patient care can be at risk.

Cybercrime

Silk Road 2.0 Operator Sentenced to Prison

Scott Ferguson • April 15, 2019

An unemployed British man has been sentenced to more than five years in prison for his role in operating the Silk Road 2.0 darknet site, which succeeded the original Silk Road website after the FBI closed it in 2013, U.K. authorities say.

Cybersecurity

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Jeremy Kirk • April 15, 2019

An Australian company that markets a smartwatch that lets parents monitor their children shut down its service on Monday after researchers revealed hackers could track a child's location, spoof the location, add themselves as a "parent" and view personally identifiable information associated with the account.