California Gov. Gavin Newsom (Photo: Charlie Kaijo via Flickr/CC)

CCPA Amendments Signed; Draft Regulations Released

Scott Ferguson • October 14, 2019

Gov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.

Cyberwarfare / Nation-State Attacks

Facebook Pressured Over Encrypted Messaging Plans

Latest

Business Continuity Management / Disaster Recovery

Pitney Bowes Says Ransomware Behind System Outages

Jeremy Kirk • October 15, 2019

Pitney Bowes says it was infected by file-encrypting malware that has affected online accounts and mailing products but that client data doesn't appear to be at risk. The postage meter maker says "all options" are being considered for recovery, meaning that it could pay a ransom.

Breach Notification

Hepatitis Patients' Data Exposed

Marianne Kolbasuk McGee • October 14, 2019

The Philadelphia Department of Public Health inadvertently exposed on its website the records of thousands of hepatitis patients, according to a local news report. The incident points to the need for better staff training, one expert says.

Endpoint Security

Thoma Bravo to Buy Sophos for $3.9 Billion

Scott Ferguson • October 14, 2019

Private-equity firm Thoma Bravo, which already has stakes in several cybersecurity companies, plans to buy U.K.-based security company Sophos in a $3.9 billion deal, the two companies announced Monday. The Sophos board will "unanimously recommend" the sale to shareholders, the company says.

Governance

Imperva's Breach Post-Mortem: API Key Left Exposed

Jeremy Kirk • October 14, 2019

Cybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidently left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.

Cybercrime

Capital One Hacking Trial Delay Likely

Scott Ferguson • October 11, 2019

Defense and prosecution attorneys are asking for a delay in the trial of alleged Capital One hacker Paige A. Thompson, citing the overwhelming amount of digital evidence in the case and the ongoing forensics investigation. Prosecutors also expect to file additional charges.

Breach Notification

Hacked Off: Lawsuit Alleges CafePress Used Poor Security

Mathew J. Schwartz • October 11, 2019

Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.

Account Takeover

Singapore Man Charged in Large-Scale Cryptomining Scheme

Apurva Venkat • October 11, 2019

A Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.

Electronic Healthcare Records

Making the Case for National Unique Patient ID

Marianne Kolbasuk McGee • October 11, 2019

How might a national unique patient identifier improve the accuracy of patient record matching and potentially help address identity fraud? Julie Dooling of the American Healthcare Information Management Association - which has been lobbying for the development of such an ID - makes the case.

3rd Party Risk Management

Analysis: Twitter's Phone Number Repurposing 'Mistake'

Nick Holland • October 11, 2019

The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.

Business Email Compromise (BEC)

How Cybercriminals Continue to Innovate

Mathew J. Schwartz • October 10, 2019

Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.

Biometrics

Privacy: How Technology Is Outpacing Regulation

Suparna Goswami • October 10, 2019

To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.

Endpoint Security

HHS Proposes Allowing Cybersecurity Donations to Doctors

Marianne Kolbasuk McGee • October 9, 2019

Federal regulators are proposing a "safe harbor" that would permit hospitals to donate certain cybersecurity software and services to physicians. The move would modify the so-called Stark Law and federal anti-kickback regulations.