A new, free decryptor available via No More Ransom will unlock systems infected with GandCrab, up to version 5.1

Police Push Free Decryptor for GandCrab Ransomware

Mathew J. Schwartz • February 19, 2019

Good news for many victims of GandCrab: There's a new, free decryptor available from the No More Ransom portal that will unlock systems that have been crypto-locked by the latest version of the notorious, widespread ransomware. But the ransomware gang appears to already be prepping a new version.

Critical Infrastructure Security

Assessing IoT Risks in Healthcare Environments

Latest

Data Breach

Congress Scrutinizes Facebook Health Data Privacy Complaint

Marianne Kolbasuk McGee • February 20, 2019

A Congressional committee is demanding Facebook provide answers concerning a complaint filed with the FTC alleging misleading privacy practices involving personal health information. The complaint also alleged a data leak exposed the names of over 10,000 cancer patients participating in a Facebook group.

Fraud Management & Cybercrime

Facebook Smackdown: UK Seeks 'Digital Gangster' Regulation

Mathew J. Schwartz • February 20, 2019

Technology giants stand accused by a U.K. parliamentary committee of risking democracy in pursuit of profit, acting as monopolies and blocking attempts to hold them accountable. But Parliament's probe into disinformation and "fake news" reserves special scorn for Facebook CEO Mark Zuckerberg.

Authentication

Password Managers Leave Crumbs in Memory, Researchers Warn

Jeremy Kirk • February 20, 2019

A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Data Breach

Wendy's Reaches $50 Million Breach Settlement With Banks

Mathew J. Schwartz • February 19, 2019

Fast-food giant Wendy's has reached a $50 million settlement agreement with financial institutions that sued after attackers planted RAM-scraping malware on point-of-sale systems in 1,025 of its restaurants in 2015 and 2016, exfiltrating data for 18 million payment cards.

Breach Preparedness

Post-Breach HIPAA Enforcement: A Call for 'Safe Harbors'

Marianne Kolbasuk McGee • February 19, 2019

Among the hundreds of responses to a federal request for comments about potential changes to the HIPAA rules were suggestions for "safe harbors" that would shelter organizations with strong security strategies from HIPAA enforcement actions after a health data breach.

Cyberwarfare / Nation-state attacks

Suspected State-Sponsored Hackers Pummel US and Australia

Jeremy Kirk • February 19, 2019

Recent apparently state-sponsored hack attacks have hit dozens of companies in the U.S. and political parties in Australia. Officials say China and Iran appear to have escalated their online espionage campaigns, seeking to gather better intelligence and steal intellectual property.

Application Security

Facebook's Leaky Data Bucket: App Stored User Data Online

Jeremy Kirk • February 18, 2019

A security consultancy discovered Facebook user data exposed in two different places online without authentication or encryption. The data, which is now offline, came from an Android app that purported to offer statistical information to logged-in users.

Cyberwarfare / Nation-state attacks

Report: UK Believes Risk of Using Huawei Is Manageable

Mathew J. Schwartz • February 18, 2019

Britain's intelligence establishment has reportedly concluded that any risks posed by Chinese-built Huawei networking equipment used as part of the country's 5G rollout can be minimized if the process is appropriately managed.

Artificial Intelligence & Machine Learning

Key Security Considerations for AI and Robotics

Marianne Kolbasuk McGee • February 18, 2019

As the use of artificial intelligence tools and robotics continues to grow, it's crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu, who reviews key issues in an interview.

Compliance

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Mathew J. Schwartz • February 15, 2019

The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures. But the social network is alarmed about the proposed settlement agreement's terms and conditions, The Washington Post reports.

Application Security

WannaCry Hero Loses Key Motions in Hacking Case

Jeremy Kirk • February 15, 2019

A famed British computer security researcher has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware. The rulings could complicate the challenges for the defense team of Marcus Hutchins, who remains in the U.S.

Artificial Intelligence & Machine Learning

Business Email Compromises: The Growing Threat in Healthcare

Marianne Kolbasuk McGee • February 15, 2019

Business email compromise attacks are becoming far more common in the healthcare sector, says Rod Piechowski of the Healthcare Information and Management Systems Society, who discusses promising technologies to help address the threat.