Facebook's Seattle office (Photo: Faceboo)

Facebook's Purge So Far: 69,000 Apps Suspended

Jeremy Kirk • September 23, 2019

Facebook says it has suspended tens of thousands of apps as part of its ongoing investigation into data misuse that grew out of the Cambridge Analytica scandal. The company won't disclose the affected apps, but an unsealed court filing says it has suspended 69,000.

Artificial Intelligence & Machine Learning

Senators Urge FCC to Review Licenses for Chinese Telecoms

Latest

Business Continuity Management / Disaster Recovery

Ransomware Attack on Rural Hospital Disrupts Services

Marianne Kolbasuk McGee • September 23, 2019

A ransomware attack late last week on a county hospital in rural Wyoming was still causing patient care disruptions on Monday. Some patients were sent more than 125 miles away to other area hospitals for treatment.

Governance

Senate Budget Bill Would Keep Patient ID Ban Intact

Marianne Kolbasuk McGee • September 20, 2019

The movement to lift the longstanding Congressional ban on federal regulators funding the development or adoption of a national unique patient identifier appears to have hit a roadblock. Here's an update.

Cybercrime

Other Attackers Reuse Old Magecart Domains: Report

Jeffrey Burt • September 20, 2019

Decommissioned domains that were part of the pervasive Magecart web-skimming campaigns are being put to use by other cybercriminals who are re-activating them for other scams, including malvertising, according to researchers at RiskIQ.

Account Takeover

Accused JPMorgan Chase Hacker Plans to Plead Guilty

Mathew J. Schwartz • September 20, 2019

Russian national Andrei Tyurin, who was extradited last year from Eastern Europe to the United States, has stated that he plans to accept a plea deal he's reached with federal prosecutors. Tyurin has been charged with numerous crimes, including hacking JPMorgan Chase and stealing 83 million customer records.

Fraud Management & Cybercrime

Analysis: Fallout From the Snowden Memoir

Nick Holland • September 20, 2019

The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.

Cybercrime

Cryptoming Botnet Smominru Returns With a Vengeance

Jeffrey Burt • September 19, 2019

The crypotmining botnet Smominru, which has been around since at least 2017, has resurfaced with a new campaign that has infected 90,000 devices worldwide, including in the U.S., China and Russia, according to security analysts at Guardicore.

Cybercrime

Supply Chain Attacks: Hackers Hit IT Providers

Mathew J. Schwartz • September 19, 2019

A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once. The campaign is fresh proof that criminals and nation-state attackers alike continue to favor supply chain attacks.

Cyberwarfare / Nation-State Attacks

Facebook Removes Hundreds of Fake Accounts

Akshaya Asokan • September 19, 2019

Facebook announced this week that it has removed hundreds of fake accounts and pages. The majority of these originated in Ukraine or Iraq and used phony user identifications to spread misinformation in an attempt to influence local politics, the company says.

Governance

Lumin PDF Leak Exposed Data on 24 Million Users

Jeremy Kirk • September 18, 2019

Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's sign of the dysfunction in the breach disclosure process.

HIPAA/HITECH

Victim Total Soars in County Health Data Breach

Marianne Kolbasuk McGee • September 18, 2019

A Minnesota county that originally reported last December that a hacking incident affected about 600 individuals now says about 118,000 may have had healthcare data exposed. What's behind the huge spike?

Cybercrime

Researchers: Emotet Botnet Is Active Again

Apurva Venkat • September 17, 2019

Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S., U.K. and German targets starting on Monday.

Application Security

NIST Issues Draft Guidance for Securing PACS

Marianne Kolbasuk McGee • September 17, 2019

New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS.