The alleged theft of mental health information on more than 28,000 patients in Texas, which went undetected for well over a year, is yet another reminder of the substantial risks that terminated employees can pose as well as the need to take extra steps to protect the most sensitive patient information.
The New York state Department of Financial Services' cybersecurity regulation - 23 NYCRR Part 500 - has been in effect for nearly a year now, and covered entities face some significant compliance milestones in 2018. This regulation puts new demands on financial institutions for security leadership, breach...
An employee of the NSA's Tailored Access Operations group has pleaded guilty to mishandling classified information. The material ended up in the hands of Russia after he copied it to his home computer, which had Kaspersky Lab's anti-virus software installed.
There has been a global rise in incidents of omnichannel financial fraud; such as a phishing attack being used to collect account information, then using that data to commit fraud via a bank's call center globally. Financial institutions need to enhance their ability to detect this sort of fraud - while also reducing...
Canadian citizen Karim Baratov has pleaded guilty to targeting more than 11,000 webmail accountholders to steal their passwords, including targeting 80 Gmail accounts at the request of an alleged Russian intelligence agent tied to a 2014 hack attack against Yahoo that exposed 500 million accounts.
The U.S. government has charged three employees of Chinese cybersecurity firm Boysec with stealing valuable intellectual property from Siemens, Moody's Analytics and Trimble. Security researchers say Boysec has been operating since 2007 and is also known as APT 3 and Gothic Panda.
Are you an accused Russian hacker who's been detained on foreign soil at the request of U.S. authorities? Bad news: While Mother Russia will go to court to try to bring you home, your odds of resisting U.S. extradition don't look good.
This IDC Executive Brief provides a short introduction to the main characteristics of GDPR, and proposes a number of technologies that companies should consider in their compliance activities. It concludes with several action points that provide guidance on essential elements of a compliance program.
Careful cyber security incident response planning provides a formal, coordinated approach for responding to security incidents affecting information assets. This e-book provides easy-to-follow steps for crafting an incident response plan in the event of cyber security attacks.
Download this eBook and you will learn...
Your security team should proactively and regularly hunt for cyber threats in order to stay on top of the ever evolving cyber threat landscape. If you are a CISO, information security manager, or security analyst, this eBook is a practical guide to help you understand how to set up your own threat hunting...
Reports that a plea deal is about to be reached for Karim Baratov - extradited from Canada to the United States on charges that he assisted Russian intelligence agents with the massive hack of Yahoo in 2014 - are premature, his attorney tells Information Security Media Group.
The steady stream of new reports about years-old breaches continues as Imgur, the popular photo-sharing service, belatedly warns that it suffered a breach in 2014 that compromised 1.7 million users' accounts.
Uber paid hackers $100,000 to keep quiet about a 2016 breach that exposed 57 million accounts belonging to customers and drivers, Bloomberg reports. But was the payment a bug bounty, as Uber has suggested, or really an extortion payoff and hush money?
U.S. prosecutors have unsealed an indictment against an Iranian man charged with trying to extort entertainment company HBO for $6 million in bitcoins. The case marks a rare public naming of someone accused of cyber extortion, which poses an increasing risk for all organizations.
Kaspersky Lab says it "inadvertently" scooped up classified U.S. documents and code from an NSA analyst's home computer, but suggests it wasn't the conduit by which the material ended up in Russian hands. It claims that the computer was riddled with malware.