Britain Re-Evaluating Huawei's Role in 5G Rollout

Mathew J. Schwartz • May 26, 2020

Britain is reconsidering whether Huawei's technology will be used its national 5G rollout as a result of increased White House sanctions against the Chinese telecommunications giant, which could result in Huawei having to source semiconductors from less reliable sources.

COVID-19

GAO: Chemical Plants Vulnerable to Cyberattacks

Latest

Governance & Risk Management

Why an Information Asset Register Plays Important Role

Anna Delaney • May 26, 2020

Security practitioners need to know what data their organization has and where it is kept so they can ensure it's protected. That inventory process that can be simplified by creating an information asset register, says Bilal Ghafoor, a data protection consultant.

Cloud Security

Setting IAM Priorities in the Shift to the Cloud

Anna Delaney • May 26, 2020

As more organizations rely more heavily on cloud-based applications as a result of a remote workforce, they must avoid taking identity and access management shortcuts, says James Gosnold of the cloud consultancy CloudKubed, who calls for the addition of another layer of authentication.

Electronic Healthcare Records

AMA Outlines Privacy Principles for Health Data

Marianne Kolbasuk McGee • May 26, 2020

The American Medical Association has issued a set of privacy principles for health data that it hopes Congress and regulators will keep in mind as they prepare legislation and regulations. In an interview, AMA Board Chair Jesse Ehrenfeld, M.D., describes the recommendations.

Breach Notification

How to Avoid Unnecessary Breach Reporting

Marianne Kolbasuk McGee • May 26, 2020

Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski.

Breach Notification

UK Data Breach Reports Decline

Mathew J. Schwartz • May 25, 2020

Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.

Endpoint Detection & Response (EDR)

RagnarLocker Deploys a Virtual Machine to Hide Ransomware

Mathew J. Schwartz • May 22, 2020

As ransomware gangs attempt to boost their illicit profits, the RagnarLocker ransomware gang has brought a new tactic to bear: installing a full virtual machine on victims' systems to hide their crypto-locking malware while it forcibly encrypts files, security firm Sophos warns.

COVID-19

Microsoft Warns of COVID-19 Phishing Emails Spreading RAT

Akshaya Asokan • May 22, 2020

Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.

Cybercrime

Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall

Akshaya Asokan • May 22, 2020

Hackers tried two methods of exploiting a zero-day vulnerability in Sophos' XG firewall, but Sophos says it made a temporary fix that mitigated the risks. Attackers originally attempted to plant a Trojan, but then switched to ransomware.

Cybercrime

Phishing Campaign Leverages Google to Harvest Credentials

Ishita Chigilli Palli • May 22, 2020

Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

Application Security

Analysis: The Long-Term Implications of 'Work From Home'

Nick Holland • May 22, 2020

The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.

Breach Notification

Bank of America: COVID-19 Loan Data May Have Leaked

Doug Olenick • May 21, 2020

Bank of America disclosed this week that some customers' data may have been exposed during the uploading of loan applications related to the Paycheck Protection Program - a U.S. government initiative created to provide business loans during the COVID-19 pandemic.

Cybercrime

Hot Offering on Darknet: Access to Corporate Networks

Doug Olenick • May 21, 2020

The number of darknet forum ads offering full access to corporate networks jumped almost 70% during the first quarter of 2020, compared to the previous quarter, posing a significant potential risk to corporations and their now remote workforces, according to security firm Positive Technologies.