Trending Articles

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Data Breach Today

Regulators Say Health Insurer Failed to Take Basic Security Steps

Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas.

Supply Chain Security 101: An Expert’s View

Krebs on Security

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency.

How DNA Databases Violate Everyone's Privacy

Schneier on Security

If you're an American of European descent, there's a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public.

Expert released PoC Code Microsoft Edge Remote Code Execution flaw

Security Affairs

A security expert published PoC exploit code for the recently fixed critical remote code execution flaw in the Edge web browser, tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of which were labeled as critical.

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims

The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

Patch Tuesday, October 2018 Edition

Krebs on Security

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

More Trending

30k+ Pentagon Employees Compromised in Data Breach

Adam Levin

The credit card data and travel records of roughly 30,000 employees of the U.S. Defense Department have been compromised in a data breach. The hack was first detected on October 4th, but may have occurred months ago and could have affected more accounts than initially reported.

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how cybercriminals attack users on these open networks. Free Wi-Fi is one of the catchiest things for users in today’s world.

GandCrab Ransomware Partners With Crypter Service

Data Breach Today

Gang's Cult Status and Marketing Savvy Belies Shoddy Attack Code, McAfee Says

The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships.

How to detect a data breach

IT Governance

The need for speed. Data breaches can have serious financial consequences for organisations of all sizes. The faster a breach can be detected and contained, the lower the costs for the organisation.

Security in a World of Physically Capable Computers

Schneier on Security

It's no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg.

CINRA Act Looks to Standardize Breach Notification

Adam Levin

A bill seeking to standardize data breach notifications for the financial industry at the federal level was passed this week by the House Financial Services Committee. Bill H.R.

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs.

Facebook Clarifies Extent of Data Breach

Data Breach Today

30 Million Affected; 14 Million Had Extensive Information Exposed

Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected

Weekly Update 108

Troy Hunt

I'm in Texas! And I've had enough BBQ to last me a very long time. I'm here doing a couple of speaking events and other related things as well as taking some time out with my wife to see the sites.

Cybersecurity Awareness Month Blog Series: It’s Cybersecurity Awareness Month – advice to SMBs

Thales Data Security

This October marks the 15th year of Cybersecurity Awareness Month.

CIP Spotlight: Devon McCollum is Serious About the Information Industry

AIIM

Why choose certification? For me, it's about proof (to myself and to employers) of my expertise.

Pentagon Defense Department travel records data breach

Security Affairs

Pentagon – Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. military and civilian personnel.

HHS Updates Security Risk Assessment Tool

Data Breach Today

But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations?

The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.

Government Perspective on Supply Chain Security

Schneier on Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.

Cybersecurity Awareness Month Blog Series: Alright boys, it’s time we have “The Talk”

Thales Data Security

As a father of two teenage boys, I should have seen this coming. It was time to have the talk about the right, wrong, and applying good judgement of things found on the Web.

Why is the GDPR still something I should be concerned about?

IT Governance

The EU’s GDPR (General Data Protection Regulation) superseded all laws based on the EU’s Data Protection Directive, including the UK’s Data Protection Act 1998, on 25 May 2018.

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Security Affairs

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year, to install a backdoor on compromised servers.

Medtronic Cardiac Devices Recalled Due to Cyber Concerns

Data Breach Today

FDA Announces 'Voluntary Recall' Related to Vulnerabilities

The FDA has announced a "voluntary recall" by Medtronic of certain internet-connected programmers for implantable cardiac devices due to cybersecurity vulnerabilities.

How to Check If Your Facebook Account Got Hacked—And How Badly

WIRED Threat Level

Facebook Friday offered more details about its recent breach. Here's how to see if you were affected.

Are Data Breaches the New Reality for Retail?

Thales Data Security

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences.

Know your enemy – understanding the 7 different types of data breaches

IT Governance

Every day almost 7 million data records are compromised, with no organisation or sector immune. Organisations are facing a war on data breaches, so it’s imperative that ‘know your enemy’ becomes part of their battle tactics.

Ex-NASA contractor pleaded guilty for cyberstalking crimes

Security Affairs

A former NASA contractor has pleaded guilty to a cyberstalking scheme; the man blackmailed seven women, threatening to publish their nude pictures.

10 Cyberattacks Investigated Weekly by UK

Data Breach Today

Majority of Incidents Trace to Hostile Nation-States, NCSC Says

The U.K.'s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Schneier on Security

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I

Robert Mueller Has Already Told You Everything You Need To Know

WIRED Threat Level

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff.

How Cyber Essentials can help secure your devices and software

IT Governance

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented.

Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete

Security Affairs

Experts from 0Patch revealed that the Microsoft Zero-Day Patch for JET Database Engine vulnerability (CVE-2018-8423) is incomplete.

Aetna Hit With More Penalties for Two Breaches

Data Breach Today

Cases Involved Mailings That Potentially Exposed Sensitive Health Information

Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update

Kanye’s Password

Roger's Information Security

Everyone and his brother, inside of infosec and outside, has been chortling at Kanye’s iPhone password. It's 00000. Not everyone is in on the joke. Some express OUTRAGE. “how dare you share that man’s password” (it was on CNN, it's out there now).

Privacy for Tigers

Schneier on Security

Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images.