Researcher: Two India Hospitals Leaking Patient Information

Suparna Goswami • December 11, 2019

Security vulnerabilities at two major private hospitals in India have led to the leaking of personal data on millions of patients, says security researcher Avinash Jain, lead infrastructure security engineer at Grofers, who's not revealing the names of the hospitals because the leaks have not yet been fixed.

Account Takeover

Singapore's 'Fake News' Law Enforcement Draws Criticism

Latest

Blockchain & Cryptocurrency

Five Charged in $722 Million Cryptomining Ponzi Scheme

Scott Ferguson • December 11, 2019

The Justice Department has charged five individuals with running a high-tech Ponzi scheme that allegedly fleeced investors out of $722 million by falsely promising clients big returns as part of a cryptomining operation.

Endpoint Security

Intel Chips Vulnerable to 'Plundervolt' Attack

Jeremy Kirk • December 11, 2019

Intel issued a firmware update on Tuesday to mitigate an attack developed by researchers, dubbed Plundervolt, which uses voltage fluctuations to reveal secrets such as encryption keys. The findings are the latest bad news for Intel as researchers have dug deep into its chip architecture.

Endpoint Security

McAfee Considers Purchase of NortonLifeLock: Report

Akshaya Asokan • December 11, 2019

McAfee's ownership team is exploring a deal to acquire NortonLifeLock, the renamed, publicly traded firm that was formerly the consumer and small business security division of Symantec, according to the Wall Street Journal, which cites "people familiar with the matter."

Business Continuity Management / Disaster Recovery

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut

Jeremy Kirk • December 10, 2019

Emsisoft has spotted a buggy decryptor for the Ryuk ransomware and developed a custom tool to fix it. But victims will still have to pay the ransom to recover files.

Account Takeover

GDPR Violation: German Privacy Regulator Fines 1&1 Telecom

Mathew J. Schwartz • December 10, 2019

One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.

Governance

FTC Sanctions Defunct Cambridge Analytica: So What?

Mathew J. Schwartz • December 9, 2019

The U.S. Federal Trade Commission has sanctioned data analytics firm Cambridge Analytica for misusing Facebook users' personal details as part of voter-targeting campaigns. Just one problem: The firm declared bankruptcy in May 2018. Meanwhile, voter microtargeting continues unchecked.

Artificial Intelligence & Machine Learning

8 Takeaways: Black Hat Europe's Closing 'Locknote' Panel

Mathew J. Schwartz • December 8, 2019

Security experts speaking on the ending "locknote" panel at this year's Black Hat Europe highlighted trends from the conference, including the rise of fuzzing, simplification via the cloud, increasing vendor transparency as well as the industry too often still failing to focus on the basics.

Governance

Balancing Digital Transformation and Security

Suparna Goswami • December 6, 2019

As companies go through a digital transformation, they should keep security top of mind, says Claire Hatcher of Kaspersky, who describes a layered approach.

Governance

Misconceptions About 'Zero Trust'

Suparna Goswami • December 6, 2019

A common misconception about the "zero trust" model is that once it's deployed, network security is no longer required, says Steven Hunter of Forescout.

Governance

How to Make a Security Transformation

Suparna Goswami • December 6, 2019

A successful digital transformation journey must include a security transformation journey that includes a careful examination of risks, says Ganesh Prasad of RSA.

Endpoint Security

Analysis: Smart TV Risks

Nick Holland • December 6, 2019

The latest edition of the ISMG Security Report offers an analysis of the FBI's security and privacy warnings about smart TVs. Also featured: discussions on the security of connected medical devices and strategies for fighting synthetic identity fraud.

Cybercrime

Skimming Campaign Leveraged Heroku Cloud Platform: Report

Akshaya Asokan • December 5, 2019

Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.