TSA Plans Cyber Risk Regulation for Pipeline and Rail Sector

David Perera • November 29, 2022

The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulation.

►

Breach Notification

Digital Army 2030: Modernizing Technology at Scale - Part 1

Latest

Endpoint Protection Platforms (EPP)

CrowdStrike Sales Growth Slows as SMB Clients Delay Spending

Michael Novinson • November 29, 2022

A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.

General Data Protection Regulation (GDPR)

UK Companies Fear Reporting Cyber Incidents, Parliament Told

Akshaya Asokan • November 29, 2022

U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.

Governance & Risk Management

HHS Rule to Ease Record Sharing, Guard Substance Abuse Data

Marianne Kolbasuk McGee • November 29, 2022

The Department of Health and Human Services has issued a new proposed rule to better align the HIPAA privacy and breach notification rules with regulations involving the confidentiality of records pertaining to patients receiving treatment for substance use disorders.

Application Security

Veracode CEO Sam King on Joining AppSec, Container Security

Michael Novinson • November 29, 2022

The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.

Industry Specific

Cybersecurity Stigma: More Victims Avoid Saying 'Ransomware'

Mathew J. Schwartz • November 29, 2022

Is the ransomware problem getting better or worse? Unfortunately, gauging attack trends continues to be complicated by the fact that many incidents never come to light publicly and many victims are hesitant to say "ransomware" when describing what hit them, says Comparitech's Rebecca Moody.

Fraud Management & Cybercrime

Meta Fined by Irish Privacy Regulator for GDPR Violations

Akshaya Asokan • November 28, 2022

Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scraped data of 533 million users appeared online. The data contained names, phone numbers and birthdates. Facebook says it takes active measures against data scraping.

Governance & Risk Management

Indiana Health Entity Reports Breach Involving Tracking Code

Marianne Kolbasuk McGee • November 28, 2022

An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.

Fraud Management & Cybercrime

Greater Toronto School Offline Following 'Cyber Incident'

Mihir Bagwe • November 28, 2022

Staffers reacted with incredulity after a cyber incident at a Greater Toronto school district kept systems offline and forced teachers to take attendance manually. Online learning and student Chromebooks were not working at Durham District School Board, which serves more than 74,000 students.

API Security

Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Mathew J. Schwartz • November 28, 2022

Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

Business Continuity Management / Disaster Recovery

Cyber Resilience Minimizes Risks for Digital Services

Brian Pereira • November 25, 2022

Cyber resilience extends beyond cyberattacks and encompasses the convergence of security and disaster recovery and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages, and natural disasters.

Cybercrime

ISMG Editors: The Rise of Info Stealing Malware

Anna Delaney • November 25, 2022

In the latest weekly update, Information Security Media Group Editors discuss current cybersecurity and privacy issues, including advice on strengthening off-hours defenses during the holiday season, emerging cybercrime trends in 2022, and Palo Alto's first big M&A since early 2021.

Cybercrime

Ontario Teachers’ Data Stolen in Ransomware Attack

Mihir Bagwe • November 25, 2022

A cyberattack on a Canadian teachers’ union gave thieves access to sensitive data of more than 60,000 members The union is yet to disclose the exact number of affected individuals, but stated that both former and current members are impacted.