January 18, 2017

Top Five Data Breach Trend Predictions for 2017

Natalya Northrip,, January 10, 2017

Businesses should take steps to protect usernames, email addresses, passwords, and security questions and answers.
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI.[1] As part of a recent trend, some data breach notification statutes have been expanding the definition of PI, including by adding usernames and email addresses.

Read More

Who Can We Trust in 2017? The Cyber Attacks Shaking Our Faith – Threat of the Month

Dave Palmer,, January 16, 2017

‘Trust’ attacks in the news
A new year, a new threat. Modern attackers are moving away from pure data theft or website hacking, to attacks that have a more subtle target – data integrity. In 2017 we expect to see attackers use their ability to hack information systems not just to make a quick buck, but to cause long-term, reputational damage to individuals or groups, by eroding trust in the data itself.

Read More

Ransomware: How a Security Inconvenience Became the Industry’s Most-Feared Vulnerability

Gur Shatz,, January 16, 2017

The word “ransomware” conjures up images of dark cloaks and even darker alleys, and not surprisingly, the level of media attention has been unprecedented. The fact that news stories measure the affect of ransomware in terms of cash helps grab the public’s attention. (One analysis estimates more than $1 billion in ransoms were paid out in 2016).

Read More

Report: Attacks Based on Open Source Vulnerabilities Will Rise 20 Percent This Year

Maria Korolov,, January 17, 2017

As open source code becomes more prevalent in both commercial and home-grown applications, the number of attacks based on its vulnerabilities will increase by 20 percent this year, predicted Black Duck Software, which collects statistics about open source projects.

Read More

Adobe, Microsoft Push Critical Security Fixes

Brian Krebs,, January 17, 2017

Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software.

Read More

Ransomware Rising on the Plant Floor

Kelly Jackson Higgins,, January 11, 2017

All eyes may be on Russian and other nation-state hacking threats to power grids and other critical infrastructure facilities, but ransomware is already disrupting plants and, in at least one case, causing a power outage.

Read More

ATM Malware Retooled to Strike More Machines

Jeremy Kirk,, January 16, 2017

In early 2013, cybercriminals began deploying in Mexico what some security experts described as one of the most advanced pieces of malware that’s ever been built to steal money from ATMs. Nicknamed Ploutus, it evolved to become the first ATM malware that could be controlled remotely by a mobile phone.

Read More

Why a HIPAA Security Analysis Is Not Enough

Marianne Kolbasuk McGee,, January 12, 2017

Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing protected health information, larger entities should also perform much more comprehensive security self-assessments, advises CISO David Loewy.

Read More

Healthcare Security Alert: Why Do Doctors Still Use Pagers?

Michael Piscopo,, January 12, 2017

It’s a late Saturday morning and Joe Hacker (aka WF4EAK in underground hacking circles) fires up the software-defined radio (SDR) he bought online for $20 to listen in on the local hospital paging traffic. After all, he is trying to make a few extra bucks to buy a new Xbox, and selling healthcare information on the black market has turned into a lucrative side job. Let’s face it, organizations that are strictly following HIPAA guidelines and other healthcare regulations have made it harder to hack into hospitals. So how’s a hacker supposed to get to that protected healthcare information (PHI) to make some fast cash?

Read More

FTC Files Complaint Against Device Maker Concerning Alleged Failures to Reasonably Secure Routers and Internet Protocol (IP) Cameras

BuckleySandler LLP,, January 13, 2017

On January 5, the FTC announced that it was initiating and enforcement action against a Taiwanese computer networking equipment manufacturer and its U.S. subsidiary. In a complaint filed with the Northern District of California, the FTC charged that the device-manufacturer failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras. Specifically, the FTC alleged that hackers could exploit these vulnerabilities using any of several “simple methods.”

Read More
Infosecurity Newsletter Archive