February 22, 2017

Cyber Security: What CISOs Should Know in 2017

Nikhil Taneja, MD, February 16, 2017

Cyber-attacks have become commonplace. In many ways, the only “news” is that they continue to grow in frequency and variety. When dealing with the day to day, it can be difficult to tally the mounting toll associated with this awful state of affairs—and even more challenging to predict what surprises lie ahead. Based on industry trends, legal framework changes, expert insights and technological evolution, we make seven cyber security predictions as follows.

How Insufficient Network Segmentation Increases Your Security Risk

Paul Brandau, February 16, 2017

The Challenges of Network Segmentation
Many of the clients we conduct penetration tests for are larger organizations that have thousands of hosts on a completely flat network. A flat network in this context can be thought of as a network in which all hosts are routable to all other hosts within the network. That is, it allows any two computers in the organization to communicate with each other, regardless of their geographic location or business purpose. A flat network can make IT administration simpler, but it also drastically increases the organization’s internal attack surface.

Is Your Company Equipped to Handle Insider Threats? Educate & Monitor

Faith MacAnas, February 14, 2017

When it comes to data breaches, insiders can be riskier than outsiders, even when they aren’t maliciously targeting your company. Since insider threats are responsible for 43 percent of data breaches, it is important for business owners to take the necessary steps to reduce the likelihood that an employee will be responsible for a cyber-security incident.

Duqu Malware Techniques Used by Cybercriminals

Bruce Schneier, February 16, 2016

Duqu 2.0 is a really impressive piece of malware, related to Stuxnet and probably written by the NSA. One of its security features is that it stays resident in its host’s memory without ever writing persistent files to the system’s drives. Now, this same technique is being used by criminals.

February Updates From Adobe, Microsoft

Brian Krebs, February 19, 2017

A handful of readers have inquired as to the whereabouts of Microsoft’s usual monthly patches for Windows and related software. Microsoft opted to delay releasing any updates until next month, even though there is a zero-day vulnerability in Windows going around. However, Adobe did push out updates this week as per usual to fix critical issues in its Flash Player software.

Hackers Behind Bank Attack Campaign Use Russian Decoy

Lucian Constantin, February 20, 2017

The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.

Reworked N.Y. Cybersecurity Regulation Takes Effect in March

Jeremy Kirk, February 17, 2017

New York’s controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks.

How Fraud Victims ‘Punish’ Their Banks

Jeremy Kirk, February 20, 2017

Would you leave a bank after an unauthorized charge on a credit card or a strange debit from an account? It’s a question for financial institutions evaluating the impact of a security breach.
A new study by Carnegie Mellon University researchers suggests that some customers will, in fact, leave even if they receive quick refunds of losses due to fraud. The study is one of only a few correlating the impact of a fraud incident on customer loyalty.

First Three HIPAA Enforcement Actions of 2017, February 17, 2017

In continuation of its active beginning to the new year, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on February 1, 2017, that it imposed a HIPAA civil money penalty of $3.2 million on a Texas medical center (“Medical Center”). OCR issued the penalty for wrongful disclosure of unsecured electronic protected health information (“ePHI”) and for extended non-compliance with HIPAA requirements.

$5.5 Million HIPAA Settlement Shines Light on Importance of Audit Controls, February 17, 2017

The U.S. Department of Health & Human Services issued the following news release:
Memorial Healthcare Systems (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and agreed to implement a robust corrective action plan. MHS is a nonprofit corporation which operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities throughout the South Florida area. MHS is also affiliated with physician offices through an Organized Health Care Arrangement (OHCA).

HIPAA Compliance Audits: The Very Latest Details

Marianne Kolbasuk McGee, February 20, 2017

Plans to launch some onsite HIPAA compliance audits are now on hold while the agency that enforces HIPAA completes more than 200 desk audit reports, says Deven McGraw, deputy director of the Department of Health and Human Services’ Office for Civil Rights.
