Congressmen Bill Foster, D-Ill. (left) and Mike Kelly, R-Penn, sponsored the measure that would lift the ban.

House Again Votes to Lift National Patient ID Ban

Marianne Kolbasuk McGee • August 4, 2020

For the second year in a row, the House of Representatives has voted to lift the ban on the Department of Health and Human Services funding the development or adoption of a unique, national patient identifier. But will it be derailed again in the Senate?

Account Takeover

GOP Proposal: $53 Million for COVID-19 Research Security

Latest

Governance & Risk Management

Consumer Data Exposed in Telemarketing Adviser Breach

Jeremy Kirk • August 4, 2020

A California-based organization that helps telemarketing companies avoid lawsuits for unsolicited calls exposed its internal files to the internet. Ironically, the breach exposed the phone numbers of those who've filed complaints about unsolicited telemarketing.

Application Security

Why Flash Player Removal Should Be a Priority

Doug Olenick • August 4, 2020

Adobe Flash Player, which has been patched hundreds of times during its lifetime to address vulnerabilities, will no longer be supported after Dec. 31, leaving an attack vector that can be exploited by malicious actors unless it's removed. That's why eliminating all instances of Flash Player is so urgent.

Cybercrime

Alert: Chinese Malware Targeting IT Service Providers

Akshaya Asokan • August 4, 2020

A trio of U.S. government agencies is warning organizations about a hacking campaign using a malware strain that has previously been tied to Chinese hackers. The Taidoor RAT, which has been around for over 10 years, has recently been spotted in several campaigns against IT service providers.

Cybercrime

Top Cybersecurity Challenge: 'More Capable Threat Actors'

Mathew J. Schwartz • August 3, 2020

The pace of online crime hasn't been flagging, as "more capable threat actors" - criminals and nation-states alike - have been bringing more advanced tools and tactics to bear on victims, says Raj Samani, chief scientist at McAfee.

Artificial Intelligence & Machine Learning

Fraud Detection: Lessons From Novartis Case

Suparna Goswami • August 3, 2020

Incidents of fraud at pharmaceutical giant Novartis that resulted in over $1 billion in fines worldwide might have been avoided if the company's compliance team used data analytics to detect patterns, says Thomas Fox, a compliance evangelist and author.

Cybercrime

Secret Service Agent Offers Cybercrime-Fighting Insights

Anna Delaney • August 3, 2020

Christopher Leone, assistant special agent in charge, United States Secret Service, offers advice to organizations on forging relationships with law enforcement as part of their cybersecurity incident preparedness plans.

Cybercrime as-a-service

EU Issues First Sanctions for Cyberattacks

Akshaya Asokan • August 1, 2020

The European Union has imposed its first sanctions against individuals and entities from Russia, China and North Korea for their alleged roles in hacking activities and cyberattacks that targeted EU citizens and organizations.

Cybercrime

FastPOS Malware Creator Pleads Guilty

Akshaya Asokan • August 1, 2020

A member of the infamous Infraud Organization who was the creator of a malware strain called FastPOS has pleaded guilty to a federal conspiracy charge. Valerian Chiochiu assisted other cybercriminals through the Infraud site before authorities shuttered it in 2018, prosecutors say.

Endpoint Security

Medical Device Security Alerts: The Latest Updates

Marianne Kolbasuk McGee • July 31, 2020

Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.

Endpoint Security

Boot-Loading Flaw Affects Linux, Windows Devices

Akshaya Asokan • July 31, 2020

A vulnerability that can impede the boot-loading process of an operating system could potentially affect billions of Linux and Windows machines, according to Eclypsium. The flaw, called "BootHole," could enable an attacker to gain near total control of an infected device.

Account Takeover

Analysis: The Hacking of Mobile Banking App Dave

Nick Holland • July 31, 2020

The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.

Breach Notification

Blackbaud's Bizarre Ransomware Attack Notification

Mathew J. Schwartz • July 31, 2020

How many different shades of bizarre is the data breach notification issued by software vendor Blackbaud? Over the course of three paragraphs, Blackbaud normalizes hacking, congratulates its amazing cybersecurity team, and says it cares so much for its customers that it paid a ransom to attackers.