Profiles in Leadership: Mark Eggleston of Health Partners Plans

Tom Field • October 15, 2020

Yes, a CISO must be technologist and a business risk leader. But more than ever, a CISO also must be a bit of a counselor, says Mark Eggleston, chief information security and privacy officer of Health Partners Plans, who puts mental health support atop his own list of key responsibilities.

►

Leadership & Executive Communication

Profiles in Leadership: Nancy Hunter, CISO, Philadelphia Fed

Latest

Cyberwarfare / Nation-State Attacks

6 Russians Indicted for Destructive NotPeyta Attacks

Scott Ferguson , Doug Olenick • October 19, 2020

The U.S. Justice Department unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking operations, including deploying destructive NotPetya malware - tied to more than $10 billion in damages - and attacking the 2018 Olympics.

Governance & Risk Management

Sensitive Voicemail Transcripts Exposed

Marianne Kolbasuk McGee • October 19, 2020

A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.

Cybercrime

'Active Threat' Warning: Patch Serious SharePoint Flaw Now

Mathew J. Schwartz • October 19, 2020

Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.

General Data Protection Regulation (GDPR)

British Airways' GDPR Fine Dramatically Reduced

Doug Olenick • October 16, 2020

Britain's Information Commissioner's Office announced this week a dramatic reduction in its fine against British Airways for violating the EU's General Data Protection Regulation. The company will pay a $26 million fine instead of $238 million in a case tied to a 2018 breach.

Cybercrime

For Sale: 3 Million Cards Used at Dickey's Barbeque Pit

Chinmay Rautmare • October 16, 2020

The Joker's Stash darknet marketplace has posted a fresh collection of 3 million credit cards that are likely related to a breach of the Dickey's Barbecue Pit chain of franchised restaurants, according to Gemini Advisory.

3rd Party Risk Management

Supply Chain Risk Management: Areas of Concern

Marianne Kolbasuk McGee • October 16, 2020

Many healthcare organizations are failing to address shortcomings in security risk management for their supply chains, says former healthcare CIO David Finn, describing findings of a recent study assessing the state of cybersecurity in the sector.

Cybercrime as-a-service

Analysis: Ransomware Dominates the Cybercrime Landscape

Anna Delaney • October 16, 2020

The latest edition of the ISMG Security Report analyzes a new report that labels ransomware as the No. 1 cybercrime threat. Also featured: A former FBI agent offers an update on "disruptionware" attacks; how Tesla's autopilot is tricked by phantom images.

Fraud Management & Cybercrime

Ransomware: Would Banning Ransom Payments Mitigate Threat?

Mathew J. Schwartz • October 16, 2020

As ransomware continues to slam organizations, a lively debate has ensued about whether ransom payments should be banned in all cases. Attempting to ban ransom payments, however, likely would only make the problem worse.

Business Continuity Management / Disaster Recovery

Another Threat Group Joins Ransomware Extortion Racket

Chinmay Rautmare • October 15, 2020

A newly identified financially motivated threat group, dubbed "FIN11," is deploying Clop ransomware and exfiltrating data from its targets for extortion efforts, according to researchers at FireEye Mandiant.

Cyberwarfare / Nation-State Attacks

Iranian Hacking Group Again Targets Universities

Akshaya Asokan • October 15, 2020

A hacking group with suspected ties to Iran's government is again targeting universities in the U.S. and around the world, according to researchers with security firm Malwarebytes. "Silent Librarian" typically attempts to steal intellectual property.

Cybercrime

New York Calls for Federal Regulation of Social Media

Doug Olenick • October 14, 2020

A report by New York state investigators calls for Twitter and other social media companies to implement greater cybersecurity measures and advocates greater federal regulatory oversight of social media companies to help prevent the misuse of their platforms.

Business Email Compromise (BEC)

More BEC Criminal Gangs Are Based in US

Akshaya Asokan • October 14, 2020

Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal organizations waging the campaigns, according to a study by the security firm Agari.