SEC Plans Cybersecurity Guidance Refresh: What to Expect

Breach Notification Timing and Insider Trading Rules Among Expected Changes
The U.S. Securities and Exchange Commission is planning to update its 6-year-old cybersecurity guidance for how publicly traded firms report data breaches to investors. Experts expect the refined guidance to cover insider trading program rules, breach notifications and business models.
Source: Info Today

Forever 21 Suffered 7-Month POS Malware Attack

Retailer Confirms US Payment Card Data Breach; International Probe Continues
Apparel retailer Forever 21 says point-of-sale systems in some stores were infected by malware for up to seven months, leading to the theft of customers’ payment card data. The retailer says deactivated encryption technology on some POS devices exacerbated the severity of its breach.
Source: Info Today

Analysis: Substance Abuse Confidentiality Rule Changes

Experts Assess Modifications and Whether Further Alignment With HIPAA Is Needed
Despite receiving requests to better align a federal rule regarding the confidentiality of substance abuse records with the requirements of HIPAA, federal regulators only made minor tweaks to the confidentiality rule. Some experts say Congress would have to take action to pave the way for further changes.
Source: Info Today

Open Banking in the Digital Era

Read more here: Info Risk Today

The Power of Visual Fraud Data

Rik Van Bruggen of Neo4J on How Graph Technology Can Improve Fraud Detection
Cross-channel fraud is a growing problem for banking institutions. But Rik Van Bruggen of Neo4J says that the use of graph technology can go far to help spot and respond to connected fraud patterns.

Read more here: Info Risk Today

BadRabbit Attack Appeared To Be Months In Planning

Ukraine-Focused Strains of Ransomware Continue to Increase Like Rabbits
The BadRabbit ransomware attack appears to have been designed for smokescreen, disruption or extortion purposes, if not all of the above. So who’s gunning for Ukraine and how many organizations will be caught in the crossfire?

Read more here: Info Risk Today

The Next IoT Botnet Has Improved on Mirai

Called Reaper or IoTroop, Botnet Exploits Vulnerabilities
Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, botnet code that appears to be related to Mirai but spreads in a much different way.

Read more here: Info Risk Today

DHS Imposes Email Security Measures on Federal Agencies

Directive Requires Adoption of DMARC Anti-Spoofing System
A new directive from the U.S. Department of Homeland Security elevates federal agencies’ email security to the DMARC standard that’s widely adopted by commercial email providers, including Google, Yahoo and Microsoft.

Read more here: Info Risk Today

Hyatt Hotels Suffers International Payment Card Data Breach

15-Week Malware Attack Stole Card Data From 41 Hotels Across 11 Countries
For the second time in two years, Hyatt Hotels suffered a payment card data breach after attackers infected payment card processing systems with malware. This year’s breach lasted for over three months and affected 41 Hyatt hotels across 11 countries.

Read more here: Info Risk Today

FBI to DDoS Victims: Please Come Forward

Bureau Issues Stresser/Booter and Internet of Things Warnings
The FBI is asking all U.S. victims of DDoS attacks to please come forward. The bureau’s plea for more information from cyberattack victims parallels similar requests made this week by British authorities speaking at ISMG’s Fraud and Breach Prevention Summit in London.

Read more here: Info Risk Today

Clinic Pays Ransom After Backups Encrypted in Attack

Situation Spotlights Tough Decisions Healthcare Entities Can Face After Ransomware Strikes
A small Missouri clinic admits paying a ransom to unlock data after a ransomware attack in August encrypted patient data on a file server, as well as backups. The incident spotlights the dilemmas healthcare organizations can face after a ransomware attack if they’re not well-prepared.

Read more here: Info Risk Today

U.S. Supreme Court to Hear Microsoft Data Warrant Case

Microsoft Slams What It Calls a ‘Floppy Disk Law’ in a Cloud Computing Era
Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That’s the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.

Read more here: Info Risk Today

WiFi Security Shredded via KRACK Attack

Most WiFi Devices Vulnerable to WPA2-Targeting Exploits
A Belgian security researcher has discovered a “serious weakness” in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.

Read more here: Info Risk Today

Hacker Steals Joint Strike Fighter Plans in Australia

‘Extensive and Extreme’ Contractor Breach Compromises Jet and Navy Data
A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor’s IT helpdesk and stole data for the country’s F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.

Read more here: Info Risk Today

Contest Aims to Improve Health Data Exchange Security

In Search of a Security Component for the New FHIR Standard
The new FHIR standard is designed to help ease the exchange of health data among healthcare organizations across the nation. But there’s one problem: The standard lacks a strong security component. That’s why federal regulators have launched a competition to devise ways to enhance security for FHIR.

Read more here: Info Risk Today

How Are Increasing Cybersecurity Regulations Impacting Your Vendor Risk Management Strategy?

Read more here: Info Risk Today

Cyber Ransom Group Hits Soft Targets: US Schools

FBI Pursues ‘The Dark Overlord’ as Group Escalates Extortion Tactics
The Dark Overlord, a hacking group that hijacks data from businesses and holds it for ransom, is now threatening school districts. The apparent intent isn’t to get ransoms from schools per se, but to create a fear campaign designed to scare big businesses into paying the group’s ransoms.

Read more here: Info Risk Today

Senators Portray Patient Matching as an Urgent Issue

Watchdog Agency Asked to Produce ‘Clear Recommendations’ to Improve Quality, Avoid Fraud
A bipartisan group of five senators has asked a watchdog agency to produce “clear recommendations” for how to make sure the right patients are matched to the right records to help improve the quality of care and crack down on medical and identity fraud. But will that require a national patient identifier?

Read more here: Info Risk Today

Hackers Practice Unauthorized ATM Endoscopy

New Black Box Cash-Out Attack Seen in Mexico; Black Box Attacks Surge in Europe
Criminals in Mexico have added endoscopes to their ATM-attack toolkits, warns cash-machine manufacturer NCR. Pairing endoscopes with “black box” attacks can enable criminals to defeat sensors and instruct an ATM to dispense all of its cash.

Read more here: Info Risk Today

Report: Malware-Wielding Hackers Hit Taiwanese Bank

Using SWIFT, Attackers Routed $60 Million to Sri Lanka, Cambodia, United States
Malware-wielding attackers reportedly hacked into a Taiwanese bank last week and transferred nearly $60 million via fraudulent SWIFT money-moving messages to accounts in Cambodia, Sri Lanka and the United States. Authorities say most of the stolen funds have been recovered.

Read more here: Info Risk Today