Latest

Governance

Lumin PDF Leak Exposed Data on 24 Million Users

Jeremy Kirk  •  September 18, 2019

Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's sign of the dysfunction in the breach disclosure process.

HIPAA/HITECH

Victim Total Soars in County Health Data Breach

Marianne Kolbasuk McGee  •  September 18, 2019

A Minnesota county that originally reported last December that a hacking incident affected about 600 individuals now says about 118,000 may have had healthcare data exposed. What's behind the huge spike?

Cybercrime

Researchers: Emotet Botnet Is Active Again

Apurva Venkat  •  September 17, 2019

Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S., U.K. and German targets starting on Monday.

Application Security

NIST Issues Draft Guidance for Securing PACS

Marianne Kolbasuk McGee  •  September 17, 2019

New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS.

Fraud Management & Cybercrime

Investigation Launched After Ecuadorian Records Exposed

Akshaya Asokan  •  September 17, 2019

An unsecured database owned by an Ecuadorian consulting company left over 20 million records on the South American country's citizens exposed to the internet, according to a report from two independent security researchers. An official investigation is underway.

Breach Notification

Brokerage Firm Hit With $500,000 Data Breach Penalty

Apurva Venkat  •  September 16, 2019

The U.S. Commodity Futures Trading Commission has hit Philips Capital Inc., a Chicago-based brokerage firm, with a $500,000 penalty for security missteps before and after a 2018 data breach, which resulted in the theft of $1 million from client accounts.

Governance

Life After Snowden: US Still Lacks Whistleblowing Rules

Mathew J. Schwartz  •  September 16, 2019

Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.

Cybercrime

Credit Card Theft Ringleader Pleads Guilty

Scott Ferguson  •  September 13, 2019

One of the three Ukrainian men charged with leading the notorious Fin7 hacking group, which prosecutors say stole 15 million payment cards, has pleaded guilty to two federal charges.

Multi-factor & Risk-based Authentication

PSD2 Authentication Requirements: The Implementation Hurdles

Geetha Nandikotkur  •  September 13, 2019

Because banks, fintech firms, merchants and payments processors in the EU have struggled to meet the Sept. 14 deadline for compliance with the new PSD2 "strong customer authentication" requirements for electronic payments, it may take a while for European consumers to notice authentication changes.

Cybercrime

For Sale: Admin Access Credentials to Healthcare Systems

Marianne Kolbasuk McGee  •  September 13, 2019

Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.

Fraud Management & Cybercrime

Ransomware Gangs Practice Customer Relationship Management

Mathew J. Schwartz  •  September 13, 2019

Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high."

Governance

Tips on Countering Insider Threat Risks

Jeremy Kirk  •  September 13, 2019

Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.