INFOSECURITY NEWSLETTER

February 8, 2017

15,000 Vulnerabilities Disclosed in 2016 – Major Vendors Continue to Be Affected

Riskbasedsecurity.com, February 6, 2017

Risk Based Security today announced the release of the annual VulnDB QuickView report that shows 2016 broke the previous all-time record for the highest number of reported vulnerabilities. The 15,000 vulnerabilities cataloged during 2016 by Risk Based Security eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by more than 6,500.


Zero-Day Windows File-Sharing Flaw Can Crash Systems, Maybe Worse

Lucian Constantin, Computerworld.com, February 3, 2017

The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems.


Malware Distributors Switch to Less Suspicious File Types

Lucian Constantin, Computerworld.com, February 6, 2017

Cybercriminals are ramping up efforts to recruit employees with access to corporate networks. The Dark Web, which promises anonymity to rogue insiders, is driving that trend.


Criminals Release Fewer New Types of Malware Last Year, Double Down on Ransomware

Maria Korolov, Csoonline.com, February 7, 2017

Cybercriminals produced fewer new kinds of malware last year — but that’s because they’re so busy raking in the money from their ransomware attacks.


Protecting Against Inside and Outside Threats

Melissa Thompson, Dzone.com, February 6, 2017

With a new or small business, taking steps to be safe from online crime should be an important part of your company’s daily routine.
While you don’t want to operate from a position of fear, a healthy respect for security with your technology and the internet is vital. Hackers really are out there, looking for vulnerability. Have you established security routines for all of your staff? Once you or your IT group develop a plan, debug your system, and train staff on security, you’re part way there.


Online Card Fraud up as Thieves Avoid More Secure Chip Cards for In-Store Payments

Matt Hamblen, Computerworld.com, February 3, 2017

One unfortunate side effect from the use of chip cards for in-store purchases has been an increase in online credit-card fraud.
Hackers have taken the path of least resistance, moving from in-store fraud to e-commerce fraud, according to security experts.


FBI: Cybercrime Gang Stole $1.2 Million via Bank Malware

Mathew J. Schwartz, healthcareinfosecurity.com, February 6, 2017

Using malware to infect individuals’ PCs and drain their bank accounts continues to be a lucrative source of income for criminals, but such cybercrime has never been a risk-free undertaking.



Preventing Insider Threats From Affecting Health Data Security

Healthitsecurity.com, February 7, 2017

There are numerous potential threats to health data security, and the increasingly complex level of technology will only help add to that threat level. Insider threats are one key area of concern, as careless or poorly trained employees could compromise sensitive information.


Why HIPAA Compliance Matters: How A “Small” Breach Can Yield a Large Fine

Christina Hultsch, Technologylawsource.com, January 31, 2017

The new year continues as the old ended, with HIPAA enforcement actions. On Jan. 11, 2017, MAPFRE Life Insurance Company of Puerto Rico (MAPFRE Life) entered into a Resolution Agreement with the United States Department of Health and Human Services, Office for Civil Rights (HHS) in which MAPFRE Life agreed to pay approximately $2.2 million and enter into a corrective action plan (CAP) with a duration of three years in exchange for a release of HHS’ claims related to certain HIPAA violations by MAPFRE Life.


$3.2 Million HIPAA Fine: An Analysis

Marianne Kolbasuk McGee, Healthcareinfosecurity.com, February 2, 2017

Federal HIPAA enforcers smacked a Texas pediatric hospital with a whopping $3.2 million civil monetary penalty after investigating breaches involving unencrypted mobile devices and uncovering longstanding failures to comply with HIPAA.
