Senators Raise Issue of Regulating Facebook

CEO Zuckerberg Grilled at First of Two Congressional Hearings
At the first of two Congressional hearings this week, Facebook CEO Mark Zuckerberg on Tuesday faced questions from Republicans and Democrats alike about whether the government should more closely regulate his firm and others.
Source: Info Risk Today Senators Raise Issue of Regulating Facebook

Hackers Deface Popular Videos Published by Vevo

Pilfered Access Credentials Could Be to Blame
A handful of popular music videos published on YouTube were defaced on Tuesday, with two hackers claiming credit. But Google, which owns YouTube, says that tampering didn’t occur directly on its platform.
Source: Info Risk Today Hackers Deface Popular Videos Published by Vevo

Facebook's Zuckerberg Pledges Worldwide GDPR Compliance

Second Congressional Hearing Probes Privacy Issues
At a U.S. House hearing Wednesday, Facebook CEO Mark Zuckerberg said the company would eventually comply worldwide with the European Union’s tough privacy law, the General Data Protection Regulation.
Source: Info Risk Today Facebook’s Zuckerberg Pledges Worldwide GDPR Compliance

The 4 Pitfalls of Privileged Access Management

Bomgar’s Sam Elliott on Overlooked Areas of Security
Overlooked areas of security and defense include four pitfalls of privileged access management, says Sam Elliott of Bomgar, who offers insights on taking the right steps.
Source: Info Risk Today The 4 Pitfalls of Privileged Access Management

Mitigating Risks From Open Source and Third-Party Code

CA Veracode’s Chris Eng on New Strategies to Bolster Application Security
Organizations are developing new apps at the speed of business. But through the use of vulnerable code, they also are creating new risks just as fast. Chris Eng of CA Veracode offers new strategies and solutions to mitigate open source and third-party risks.
Source: Info Risk Today Mitigating Risks From Open Source and Third-Party Code

Breaches Tied to Chat Network Provider

Delta, Sears, Kmart and Best Buy Breaches All Stem From Hack of Same Vendor
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider [24]7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
Source: Info Risk Today Breaches Tied to Chat Network Provider

NJ AG Smacks Practice With Hefty Fine for Vendor Breach

Settlement Spotlights Vendor Risks, Plus State Enforcement Trends
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor’s misconfigured server. The case is the latest example of the risks posed by vendors.
Source: Info Risk Today NJ AG Smacks Practice With Hefty Fine for Vendor Breach

The Future of Secure Payments

Jim Cunha of the Boston Fed on Future-Proofing Against Fraud
The Secure Payments Task Force was established by the Federal Reserve Bank in 2015 in part to determine areas of focus and priorities for future action. Jim Cunha, a member of that task force, talks about how to advance payment system safety, fight fraud and ensure resiliency.
Source: Info Risk Today The Future of Secure Payments

Art Coviello on Fraud and the 2018 State of Security

RSA’s Ex-CEO Opens up on Cybercrime and Social Media Risks
Art Coviello, ex-CEO of RSA, is concerned about fraud trends and social media vulnerabilities. But he also is bullish on the opportunity for artificial intelligence and DevOps security to stop attacks before they cause harm.
Source: Info Risk Today Art Coviello on Fraud and the 2018 State of Security

Police Bust 20 Phishing Suspects in Italy, Romania

Arrests Came After a Two-Year Investigation of ‘Highly Organized’ Crime Group
Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers. Phishing remains a favored criminal technique for harvesting account credentials and cryptocurrency, as well as corporate secrets.
Source: Info Risk Today Police Bust 20 Phishing Suspects in Italy, Romania

The Road to GDPR Compliance: 12 Steps to Take Now

The European Union’s General Data Protection Regulation will be enforced beginning May 25. Personal data must be protected or severe penalties may be imposed. Companies not located in the EU still need to prepare to comply with GDPR if they routinely execute transactions with EU citizens.
Source: Info Risk Today The Road to GDPR Compliance: 12 Steps to Take Now

Under Armour Reports Massive Breach of MyFitnessPal App

150 Million Accounts Exposed; Could Phishing Campaign Be Coming?
Under Armour says an unauthorized intruder gained access to information for the accounts of 150 million users of its MyFitnessPal mobile app and website. Learn why some fear the breach could lead to a massive phishing campaign.
Source: Info Risk Today Under Armour Reports Massive Breach of MyFitnessPal App

OCR Considering HIPAA Privacy Rule, Enforcement Changes

But Agency Will Seek Public Input First
Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation’s top HIPAA enforcer. So, what changes are being considered?
Source: Info Risk Today OCR Considering HIPAA Privacy Rule, Enforcement Changes

Boeing Confirms 'Limited' Malware Outbreak

WannaCry Reportedly Identified by Boeing Executive as the Culprit
Boeing says that a malware outbreak affected a small number of systems but did not disrupt production. An executive has reportedly identified the malware as being WannaCry ransomware and called for “all hands on deck” to respond to the incident.
Source: Info Risk Today Boeing Confirms ‘Limited’ Malware Outbreak

Why Is Shadow IT So Common in Healthcare?

VA Watchdog Agency Report Cites Unauthorized Patient Database
The unauthorized deployment of an unsecured patient database is the latest instance of “shadow IT” spotlighted by a Department of Veterans Affairs watchdog agency. The incident serves as a reminder to all healthcare entities about the patient data risks posed by unsanctioned technology deployments.
Source: Info Risk Today Why Is Shadow IT So Common in Healthcare?

OCR, ONC Get Flat Fiscal 2018 Funding

But What Will Funding Look Like Next Year?
Despite the White House’s request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
Source: Info Risk Today OCR, ONC Get Flat Fiscal 2018 Funding

Spain Busts Alleged Kingpin Behind Prolific Malware

$1 Billion in Losses Tied to Gang Wielding Carbanak and Cobalt Malware
The alleged leader of a cybercrime gang tied to more than $1 billion in losses has been arrested in Alicante, Spain. Authorities say “Denis K.” is a Ukrainian national who led a gang that developed Carbanak and Cobalt malware to infect PCs as well as perpetrate ATM jackpotting attacks.
Source: Info Risk Today Spain Busts Alleged Kingpin Behind Prolific Malware

Misconfigured Server Exposes Patient Data

Security Researcher Discovers Apparent Breach at Medical Practice
A medical practice’s misconfigured database server that allegedly exposed information about thousands of patients plus staff serves as another reminder about the importance of safeguarding sensitive data from exposure on the internet.
Source: Info Risk Today Misconfigured Server Exposes Patient Data

DHS: Some GE Imaging Devices Are Vulnerable

Alert: Hackers Can Potentially Exploit Hardcoded and Default Credentials
A recent alert from the Department of Homeland Security warning of vulnerabilities in certain medical imaging products from GE Healthcare is a reminder to other medical device makers and healthcare entities about the risks posed by hardcoded and default credentials.
Source: Info Risk Today DHS: Some GE Imaging Devices Are Vulnerable

Probes Begin as Facebook Slammed by Data Leak Blowback

CSO Leaves Early, Stock Dives, Outrage Abounds
Facebook may be facing the fight of its life. The social media company is seeing mounting pressure and a collective outcry over personal data for millions of its users having been collected by a voter-profiling firm once retained by the Trump campaign.
Source: Info Risk Today Probes Begin as Facebook Slammed by Data Leak Blowback