CEO Zuckerberg Grilled at First of Two Congressional Hearings
At the first of two Congressional hearings this week, Facebook CEO Mark Zuckerberg on Tuesday faced questions from Republicans and Democrats alike about whether the government should more closely regulate his firm and others.
Source: Info Risk Today Senators Raise Issue of Regulating Facebook
Pilfered Access Credentials Could Be to Blame
A handful of popular music videos published on YouTube were defaced on Tuesday, with two hackers claiming credit. But Google, which owns YouTube, says that tampering didn’t occur directly on its platform.
Source: Info Risk Today Hackers Deface Popular Videos Published by Vevo
Second Congressional Hearing Probes Privacy Issues
At a U.S. House hearing Wednesday, Facebook CEO Mark Zuckerberg said the company would eventually comply worldwide with the European Union’s tough privacy law, the General Data Protection Regulation.
Source: Info Risk Today Facebook’s Zuckerberg Pledges Worldwide GDPR Compliance
Bomgar’s Sam Elliott on Overlooked Areas of Security
Overlooked areas of security and defense include four pitfalls of privileged access management, says Sam Elliott of Bomgar, who offers insights on taking the right steps.
Source: Info Risk Today The 4 Pitfalls of Privileged Access Management
CA Veracode’s Chris Eng on New Strategies to Bolster Application Security
Organizations are developing new apps at the speed of business. But through the use of vulnerable code, they also are creating new risks just as fast. Chris Eng of CA Veracode offers new strategies and solutions to mitigate open source and third-party risks.
Source: Info Risk Today Mitigating Risks From Open Source and Third-Party Code
Delta, Sears, Kmart and Best Buy Breaches All Stem From Hack of Same Vendor
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider 7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
Source: Info Risk Today Breaches Tied to Chat Network Provider
Settlement Spotlights Vendor Risks, Plus State Enforcement Trends
The New Jersey state attorney general has smacked a medical practice with a $418,000 penalty for a 2016 HIPAA breach involving a vendor’s misconfigured server. The case is the latest example of the risks posed by vendors.
Source: Info Risk Today NJ AG Smacks Practice With Hefty Fine for Vendor Breach
Jim Cunha of the Boston Fed on Future-Proofing Against Fraud
The Secure Payments Task Force was established by the Federal Reserve Bank in 2015 in part to determine areas of focus and priorities for future action. Jim Cunha, a member of that task force, talks about how to advance payment system safety, fight fraud and ensure resiliency.
Source: Info Risk Today The Future of Secure Payments
RSA’s Ex-CEO Opens up on Cybercrime and Social Media Risks
Art Coviello, ex-CEO of RSA, is concerned about fraud trends and social media vulnerabilities. But he also is bullish on the opportunity for artificial intelligence and DevOps security to stop attacks before they cause harm.
Source: Info Risk Today Art Coviello on Fraud and the 2018 State of Security
Arrests Came After a Two-Year Investigation of ‘Highly Organized’ Crime Group
Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers. Phishing remains a favored criminal technique for harvesting account credentials and cryptocurrency, as well as corporate secrets.
Source: Info Risk Today Police Bust 20 Phishing Suspects in Italy, Romania
The European Union’s General Data Protection Regulation will be enforced beginning May 25. Personal data must be protected or severe penalties may be imposed. Companies not located in the EU still need to prepare to comply with GDPR if they routinely execute transactions with EU citizens.
Source: Info Risk Today The Road to GDPR Compliance: 12 Steps to Take Now
150 Million Accounts Exposed; Could Phishing Campaign Be Coming?
Under Armour says an unauthorized intruder gained access to information for the accounts of 150 million users of its MyFitnessPal mobile app and website. Learn why some fear the breach could lead to a massive phishing campaign.
Source: Info Risk Today Under Armour Reports Massive Breach of MyFitnessPal App
But Agency Will Seek Public Input First
Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation’s top HIPAA enforcer. So, what changes are being considered?
Source: Info Risk Today OCR Considering HIPAA Privacy Rule, Enforcement Changes
WannaCry Reportedly Identified by Boeing Executive as the Culprit
Boeing says that a malware outbreak affected a small number of systems but did not disrupt production. An executive has reportedly identified the malware as being WannaCry ransomware and called for “all hands on deck” to respond to the incident.
Source: Info Risk Today Boeing Confirms ‘Limited’ Malware Outbreak
VA Watchdog Agency Report Cites Unauthorized Patient Database
The unauthorized deployment of an unsecured patient database is the latest instance of “shadow IT” spotlighted by a Department of Veterans Affairs watchdog agency. The incident serves as a reminder to all healthcare entities about the patient data risks posed by unsanctioned technology deployments.
Source: Info Risk Today Why Is Shadow IT So Common in Healthcare?
But What Will Funding Look Like Next Year?
Despite the White House’s request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
Source: Info Risk Today OCR, ONC Get Flat Fiscal 2018 Funding
$1 Billion in Losses Tied to Gang Wielding Carbanak and Cobalt Malware
The alleged leader of a cybercrime gang tied to more than $1 billion in losses has been arrested in Alicante, Spain. Authorities say “Denis K.” is a Ukrainian national who led a gang that developed Carbanak and Cobalt malware to infect PCs as well as perpetrate ATM jackpotting attacks.
Source: Info Risk Today Spain Busts Alleged Kingpin Behind Prolific Malware
Security Researcher Discovers Apparent Breach at Medical Practice
A medical practice’s misconfigured database server that allegedly exposed information about thousands of patients plus staff serves as another reminder about the importance of safeguarding sensitive data from exposure on the internet.
Source: Info Risk Today Misconfigured Server Exposes Patient Data
Alert: Hackers Can Potentially Exploit Hardcoded and Default Credentials
A recent alert from the Department of Homeland Security warning of vulnerabilities in certain medical imaging products from GE Healthcare is a reminder to other medical device makers and healthcare entities about the risks posed by hardcoded and default credentials.
Source: Info Risk Today DHS: Some GE Imaging Devices Are Vulnerable
CSO Leaves Early, Stock Dives, Outrage Abounds
Facebook may be facing the fight of its life. The social media company is seeing mounting pressure and a collective outcry over personal data for millions of its users having been collected by a voter-profiling firm once retained by the Trump campaign.
Source: Info Risk Today Probes Begin as Facebook Slammed by Data Leak Blowback