January 24, 2017

Cyber Incidents Hit 85% of Firms Over Past 12 Months, January 23, 2017

Eighty-five percent of executives say they were hit with a cyber incident in the past year, according to the 2016/2017 Kroll Annual Global Fraud and Risk Report. Malicious insiders prove the greatest threat.

Number of Data Breach Disclosures Jumped 40% in 2016

Jai Vijayan, January 19, 2017

Last year witnessed few data breaches of the kind that rocked 2015 when organizations like Anthem, the Office of Personnel Management and Ashley Madison reported security incidents involving tens of millions of personal records. Still, 2016 was a pretty bad year for data breaches. New data from the Identity Theft Resource Center (ITRC) and CyberScout show that 2016, in fact, had more reported breaches than any previous year.

[Opinion] Encryption and Privacy: Why the FCC Needs to Consider Legal Reform of Wireless Policies

Michael Piscopo, January 20, 2017

In our previous blog, we discussed how pagers used in medical settings present an opportunity for threat actors to intercept valuable protected health information (PHI) and disrupt encryption and privacy. For malicious hackers, radio-based communications are a potential attack vector that organizations should watch closely. The risk is real, as more than 85 percent of hospitals still rely on pagers for communication, and the PHI data transmitted is not monitored with the same level of scrutiny as other electronic mobile devices.

When Employees Leave with Your Secrets

James Pooley, January 19, 2017

Recently I shared the podium with an FBI agent who was asked what frustrated him the most when trying to help businesses with trade secret theft. His answer was a surprise: they fire the guy too fast! He explained that when you discover someone might be mishandling information, your most important objective is to know what’s going on, and you could learn a lot more by keeping them around and watching what they do.

Adobe Acrobat Auto-Installed a Vulnerable Chrome Extension on Windows PCs

Graham Cluley, January 19, 2017

Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017.
There was controversy earlier this month when news broke about how Adobe took the opportunity on Patch Tuesday of using its regular security updates to force Adobe Acrobat DC users into silently installing a Google Chrome extension.

Case Study on How Regional Manufacturing Firms Are Increasingly Targets of Cybercrime

Claire J. Rauscher and Belton T. Zeigler, January 19, 2017

As their methods evolve, cybercriminals are increasingly targeting regional manufacturing businesses with sophisticated and potentially costly attacks. A recent ransomware attack on a mid-sized manufacturer in the Southeast provides a striking real world example.

Lloyds Banking Group Reportedly Hit by DDoS Attack

Jeremy Kirk, January 24, 2017

Lloyds Banking Group came under a distributed denial-of-service attack that hampered access to its online banking services for about two days earlier this month, several media outlets reported, citing anonymous sources.

Insurer Slapped with $2.2 Million HIPAA Settlement

Marianne Kolbasuk McGee, January 18, 2017

In the final days of the Obama administration, the Department of Health and Human Services has issued its second HIPAA enforcement action for 2017. HHS’ Office for Civil Rights has entered a $2.2 million settlement with a Puerto Rican insurance company in the wake of its investigation of a 2011 breach involving a stolen unencrypted USB drive that affected only about 2,000 individuals.

Life’s a Breach – Sitting on That HIPAA Breach Notification Could Burn You

Sarah L. Bruno, Jade M. Kelly and Lourdes M. Turrecha, January 19, 2017

On January 9, 2017, Presence Health agreed to settle with the U.S. Department of Health and Human Services (HHS) potential violations under the Breach Notification Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This is HHS’ first enforcement action against a covered entity that reported a breach, but did not do so timely.
