Sen. Rick Scott, R-Fla., who has introduced a new NDAA amendment (Photo: Gage Skidmore via Flickr)

Senate Considering Several Cyber Measures in Annual NDAA

Dan Gunderman • November 29, 2021

Following the holiday recess, U.S. lawmakers are picking up several legislative priorities starting Monday, including progress on the annual defense spending bill, which contains amendments that would require incident reporting for critical infrastructure providers, among other measures.

COVID-19

US DHS Launches New System for Hiring, Retaining Cyber Talent

Latest

Breach Notification

Pfizer Alleges Worker Took COVID Vaccine, Trade Secrets

Marianne Kolbasuk McGee • November 29, 2021

Pfizer has sued a former employee, alleging she uploaded to her personal devices and accounts thousands of files containing confidential information and trade secrets pertaining to the company's vaccines and medications, including its COVID-19 vaccine, to potentially provide to her new employer.

Cybercrime

The Best Gift for the Holidays? An Incident Response Plan

Anna Delaney • November 26, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.

Endpoint Security

Medical Data Exposed in Breach at True Health New Mexico

Jeremy Kirk • November 26, 2021

A health insurer in New Mexico is warning of a data breach that exposed customers' personal and medical information. True Health New Mexico reports that nearly 63,000 individuals' personal details were exposed in the "early October" incident. It's offering all victims prepaid credit monitoring services.

3rd Party Risk Management

Essential Preparations for the Holiday Season Attack Surge

Anna Delaney • November 26, 2021

The latest edition of the ISMG Security Report features an analysis of how organizations can reduce risk especially over holidays and weekends, when attackers are most likely to strike. Also featured: Highlights from Ireland's IRISSCON 2021 cybercrime conference; what's ahead for COVID-19 and the workplace?

COVID-19

UK Legislation Seeks Mandatory Security Standards for IoT

Prajeet Nair • November 25, 2021

Could the internet of things be made more secure? A draft law in Britain would impose stronger cybersecurity regulations for manufacturers, importers and distributors of smartphones, TVs, toys and other "connected" digital devices, backed by the threat of fines of up to $13 million for noncompliance.

Cybercrime

Ransomware: Best Practices for Negotiating a Ransom Payment

Mathew J. Schwartz • November 25, 2021

No ransomware victim ever wants to pay a ransom. But if for whatever reason they choose to do so, multiple tactics can help them negotiate down initial demands by 50% or more. So say two researchers at NCC Group's cybersecurity division Fox-IT, based on their review of over 700 ransomware negotiations.

Cybercrime

Ukraine's Secret Service Busts 5 Alleged 'Phoenix' Hackers

Mihir Bagwe • November 25, 2021

The Secret Service of Ukraine has arrested five Ukrainian citizens on suspicion of being part of a cybercrime group called Phoenix, which it says has been tied to hacking hundreds of mobile devices, stealing personal data and also selling "hacking as a service" to others.

3rd Party Risk Management

Apple Sues NSO for Product and Service Abuse

Mihir Bagwe • November 24, 2021

The NSO Group is the target of a lawsuit filed by Apple, which alleges that the spyware maker abused Apple's products and services to carry out spying operations. The news follows the NSO Group's blacklisting by the U.S. government, a score downgrade by Moody's, and a reportedly failed deal with France.

Blockchain & Cryptocurrency

Cryptocrimes Proliferate: Ransomware, New Threat Campaigns

Prajeet Nair • November 24, 2021

Cryptocurrency exchange BTC-Alpha faces a ransomware attack; Morphisec researchers investigate malware that targets cryptocurrency, NFT communities on Discord; and RiskIQ researchers uncover fresh Aggah campaign that deploys clipboard hijacking code to swap a victim's cryptocurrency address.

Business Continuity Management / Disaster Recovery

Why Ransomware Is a Game Changer for Cyber Insurance

Marianne Kolbasuk McGee • November 24, 2021

Ransomware attacks have become the game changer in driving up security requirements, policy premiums and rejection rates for healthcare sector entities seeking new cyber insurance policies or renewals, says Doug Howard, CEO of privacy and security consultancy Pondurance.

Cybercrime

Report: China to Target Encrypted Data as Quantum Advances

Dan Gunderman • November 23, 2021

Chinese threat actors may increasingly look to steal sensitive, encrypted data in hopes of decrypting it with quantum computing technology in the years ahead, according to a new report. Researchers say Chinese threat actors may target government, business and academic data with long-term value.

Business Continuity Management / Disaster Recovery

COVID and the Holidays: What You Need to Know

Tom Field • November 23, 2021

COVID-19 deaths are down in some parts of the U.S., but infection rates are up. What does this mean as the nation kicks off its holiday season with Thanksgiving? Pandemic expert Regina Phelps shares insight on how to approach the holidays and what it will take to attain an endemic state.