Millions of Instagram Users Affected by Plain-Text Password Storage
Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.
Source: Info Risk Today Facebook Password, Email Contact Mishandling Worsens
Trump Administration Faces Call to Fully Combat Russia’s Election Interference
Robert Mueller’s report into Russian interference clearly states: “The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.” In the wake of the Trump administration lifting some Russian sanctions, one expert says it must take the opposite tack.
Source: Info Risk Today Mueller Report: With Russian Hacking Laid Bare, What Next?
Group, Apparently Backed By Iran, Was Broadening Its Targets, Analysts Say
A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization’s methods and goals, analysts say.
Source: Info Risk Today Leak Exposes OilRig APT Group’s Tools
CEO Zuckerberg Grilled at First of Two Congressional Hearings
At the first of two Congressional hearings this week, Facebook CEO Mark Zuckerberg on Tuesday faced questions from Republicans and Democrats alike about whether the government should more closely regulate his firm and others.
Source: Info Risk Today Senators Raise Issue of Regulating Facebook
Pilfered Access Credentials Could Be to Blame
A handful of popular music videos published on YouTube were defaced on Tuesday, with two hackers claiming credit. But Google, which owns YouTube, says that tampering didn’t occur directly on its platform.
Source: Info Risk Today Hackers Deface Popular Videos Published by Vevo
Second Congressional Hearing Probes Privacy Issues
At a U.S. House hearing Wednesday, Facebook CEO Mark Zuckerberg said the company would eventually comply worldwide with the European Union’s tough privacy law, the General Data Protection Regulation.
Source: Info Risk Today Facebook’s Zuckerberg Pledges Worldwide GDPR Compliance
Bomgar’s Sam Elliott on Overlooked Areas of Security
Overlooked areas of security and defense include four pitfalls of privileged access management, says Sam Elliott of Bomgar, who offers insights on taking the right steps.
Source: Info Risk Today The 4 Pitfalls of Privileged Access Management
CA Veracode’s Chris Eng on New Strategies to Bolster Application Security
Organizations are developing new apps at the speed of business. But through the use of vulnerable code, they also are creating new risks just as fast. Chris Eng of CA Veracode offers new strategies and solutions to mitigate open source and third-party risks.
Source: Info Risk Today Mitigating Risks From Open Source and Third-Party Code
Delta, Sears, Kmart and Best Buy Breaches All Stem From Hack of Same Vendor
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider 7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
Source: Info Risk Today Breaches Tied to Chat Network Provider
Settlement Spotlights Vendor Risks, Plus State Enforcement Trends
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor’s misconfigured server. The case is the latest example of the risks posed by vendors.
Source: Info Risk Today NJ AG Smacks Practice With Hefty Fine for Vendor Breach
Jim Cunha of the Boston Fed on Future-Proofing Against Fraud
The Secure Payments Task Force was established by the Federal Reserve Bank in 2015 in part to determine areas of focus and priorities for future action. Jim Cunha, a member of that task force, talks about how to advance payment system safety, fight fraud and ensure resiliency.
Source: Info Risk Today The Future of Secure Payments
RSA’s Ex-CEO Opens up on Cybercrime and Social Media Risks
Art Coviello, ex-CEO of RSA, is concerned about fraud trends and social media vulnerabilities. But he also is bullish on the opportunity for artificial intelligence and DevOps security to stop attacks before they cause harm.
Source: Info Risk Today Art Coviello on Fraud and the 2018 State of Security
Arrests Came After a Two-Year Investigation of ‘Highly Organized’ Crime Group
Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers. Phishing remains a favored criminal technique for harvesting account credentials and cryptocurrency, as well as corporate secrets.
Source: Info Risk Today Police Bust 20 Phishing Suspects in Italy, Romania
The European Union’s General Data Protection Regulation will be enforced beginning May 25. Personal data must be protected or severe penalties may be imposed. Companies not located in the EU still need to prepare to comply with GDPR if they routinely execute transactions with EU citizens.
Source: Info Risk Today The Road to GDPR Compliance: 12 Steps to Take Now
150 Million Accounts Exposed; Could Phishing Campaign Be Coming?
Under Armour says an unauthorized intruder gained access to information for the accounts of 150 million users of its MyFitnessPal mobile app and website. Learn why some fear the breach could lead to a massive phishing campaign.
Source: Info Risk Today Under Armour Reports Massive Breach of MyFitnessPal App
But Agency Will Seek Public Input First
Federal regulators are considering potential changes to the HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation’s top HIPAA enforcer. So, what changes are being considered?
Source: Info Risk Today OCR Considering HIPAA Privacy Rule, Enforcement Changes
WannaCry Reportedly Identified by Boeing Executive as the Culprit
Boeing says that a malware outbreak affected a small number of systems but did not disrupt production. An executive has reportedly identified the malware as being WannaCry ransomware and called for “all hands on deck” to respond to the incident.
Source: Info Risk Today Boeing Confirms ‘Limited’ Malware Outbreak
VA Watchdog Agency Report Cites Unauthorized Patient Database
The unauthorized deployment of an unsecured patient database is the latest instance of “shadow IT” spotlighted by a Department of Veterans Affairs watchdog agency. The incident serves as a reminder to all healthcare entities about the patient data risks posed by unsanctioned technology deployments.
Source: Info Risk Today Why Is Shadow IT So Common in Healthcare?