Attorney Jodi Daniel, a partner at Crowell & Moring's healthcare group

Information Blocking Rules: What They Would Mean for CISOs

Marianne Kolbasuk McGee • February 22, 2019

Healthcare CISOs and other security and privacy leaders must carefully assess HHS' proposed new rules designed to help prevent the blocking of health information sharing and consider how they might "operationalize" the provisions within their organizations, says attorney Jodi Daniel.

Anti-Malware

WannaCry Hero Loses Key Motions in Hacking Case

Latest

Application Security

Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites

Mathew J. Schwartz • February 22, 2019

Patch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that attackers can exploit to remotely execute code. The Drupal project team has released updates to fix the problem, which is already being targeted by hackers.

Cybercrime

Big Dump of Pakistani Bank Card Data Appears on Carder Site

Mathew J. Schwartz • February 22, 2019

The notorious carder site Joker's Stash is featuring a fresh batch of Pakistani banks' payment card data with an estimated street value of $3.5 million. Nearly all of the 70,000 bank cards are advertised as being from Meezan Bank, the country's largest Islamic bank, Group-IB reports.

Blockchain & Cryptocurrency

Password Manager Weaknesses Revealed

Nick Holland • February 22, 2019

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.

Application Security

WhatsApp Flaw Could Enable iOS Message Snooping

Jeremy Kirk • February 21, 2019

Facebook says it will soon issue a patch for a bug in its WhatsApp messenger application that can circumvent a security feature launched just last month for Apple devices. The flaw could let someone with physical access to a device bypass Face ID and Touch ID.

Authentication

Password Managers Leave Crumbs in Memory, Researchers Warn

Jeremy Kirk • February 20, 2019

A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Breach Preparedness

Post-Breach HIPAA Enforcement: A Call for 'Safe Harbors'

Marianne Kolbasuk McGee • February 19, 2019

Among the hundreds of responses to a federal request for comments about potential changes to the HIPAA rules were suggestions for "safe harbors" that would shelter organizations with strong security strategies from HIPAA enforcement actions after a health data breach.

Business Continuity/Disaster Recovery

Police Push Free Decryptor for GandCrab Ransomware

Mathew J. Schwartz • February 19, 2019

Good news for many victims of GandCrab: There's a new, free decryptor available from the No More Ransom portal that will unlock systems that have been crypto-locked by the latest version of the notorious, widespread ransomware. But the ransomware gang appears to already be prepping a new version.

Application Security

Facebook's Leaky Data Bucket: App Stored User Data Online

Jeremy Kirk • February 18, 2019

A security consultancy discovered Facebook user data exposed in two different places online without authentication or encryption. The data, which is now offline, came from an Android app that purported to offer statistical information to logged-in users.

Cyberwarfare / Nation-state attacks

Report: UK Believes Risk of Using Huawei Is Manageable

Mathew J. Schwartz • February 18, 2019

Britain's intelligence establishment has reportedly concluded that any risks posed by Chinese-built Huawei networking equipment used as part of the country's 5G rollout can be minimized if the process is appropriately managed.

Blockchain & Cryptocurrency

Protecting Cryptocurrency in the Era of 'Deep Fakes'

Nick Holland • February 15, 2019

The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.

Artificial Intelligence & Machine Learning

HIMSS19: The Cybersecurity Obstacles, Opportunities Ahead

Marianne Kolbasuk McGee • February 15, 2019

Another annual HIMSS conference is in the rear-view mirror. But what's up the road in terms of top cybersecurity-related challenges facing the healthcare sector?

Cybercrime

US Air Force Veteran Charged in Iran Hacking Scheme

Jeremy Kirk • February 14, 2019

A former U.S. Air Force counterintelligence agent was indicted for disclosing classified information and helping Iran compromise the computers of other U.S. intelligence agents. The case marks another damaging leak for the American government.