The Hall of Supreme Harmony within the Forbidden City in Beijing. (Photo: Denny Jarvis via Flickr/CC)

Reports: China Suspected In Marriott Database Breach

Jeremy Kirk • December 13, 2018

Hackers linked with China are suspected to be behind the four-year breach of Marriott's Starwood guest reservation system, Reuters reports on Wednesday. The suggestion is likely to contribute to increased tension between the U.S. and China.

Breach Response

GOP Hacking Incident: What Happened?

Latest

Data Breach

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Marianne Kolbasuk McGee • December 12, 2018

In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data. Other organizations can use the case as a "teachable moment," one attorney advises.

Cybercrime

Eastern European Bank Hackers Wield Malicious Hardware

Mathew J. Schwartz • December 10, 2018

Hackers have been plugging inexpensive hardware into banks' local area networks to help perpetrate heists that have stolen tens of millions of dollars, warns Kaspersky Lab. It says that since 2017, the "DarkVishnya" attack campaign has hit at least eight Eastern European banks.

General Data Protection Regulation (GDPR)

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Mathew J. Schwartz • December 10, 2018

The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.

Cybercrime

Australia Passes Encryption-Busting Law

Jeremy Kirk • December 7, 2018

Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.

3rd Party Risk Management

Emails Expose Sensitive Internal Facebook Discussions

Jeremy Kirk • December 6, 2018

A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Compliance

Legal and Compliance: 3 Questions for CISOs

Tom Field • December 6, 2018

What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.

General Data Protection Regulation (GDPR)

GDPR and You: What's Changed?

Tom Field • December 6, 2018

Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.

3rd Party Risk Management

Applying Secure Multiparty Computation Technology

Geetha Nandikotkur • December 6, 2018

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.

Cyberwarfare / Nation-state attacks

Top Republican Email Accounts Compromised

Jeremy Kirk • December 5, 2018

Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports. Few details have been released about the incident, which was investigated by Crowdstrike.

Cybercrime

Black Hat Europe: The Power of Attribution

Mathew J. Schwartz • December 5, 2018

To combat cyberattacks, more nations must not only hold nation-state attackers accountable, but also better cooperate by backing each other's attribution, said Estonian politician Marina Kaljurand, who chairs the Global Commission on the Stability of Cyberspace, in her opening keynote speech at Black Hat Europe 2018.

Cybersecurity

Cybersecurity in Healthcare: It's Time to 'Wake Up'

Tom Field • December 5, 2018

The healthcare sector is making progress in moving from a reactive to a proactive approach to cybersecurity as it learns lessons from other sectors, including financial services, says Greg Garcia, executive director for cybersecurity at the Healthcare and Public Health Sector Coordinating Council.

Cloud Security

12 States File Data Breach Lawsuit Against EHR Vendor

Marianne Kolbasuk McGee • December 4, 2018

In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9 million individuals.