NIST Unveils Updated Guide to Privacy, Security Controls

Akshaya Asokan • September 24, 2020

The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.

Cloud Access Security Brokers (CASB)

US Imposes Sanctions on Iranian APT Group

Latest

Governance & Risk Management

Lessons to Learn From Shopify Data Breach

Doug Olenick • September 24, 2020

Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say.

Breach Notification

Blackbaud Ransomware Breach Victims, Lawsuits Pile Up

Marianne Kolbasuk McGee • September 24, 2020

As the tally of reported heath data breaches related to the May ransomware attack on Blackbaud continues to climb, so do the number of lawsuits filed against the cloud-based fundraising software vendor.

Account Takeover Fraud

Police Crack SMS Phishing Operation

Jeremy Kirk • September 24, 2020

Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages.

COVID-19

FBI, CISA Warn of Election Results Disinformation Campaigns

Prajeet Nair • September 23, 2020

With less than 45 days to go before the November election, the FBI and CISA have issued a warning that nation-state hackers and cybercriminals may attempt to spread disinformation regarding the final vote tallies as a way to undermine confidence in the voting process.

HIPAA/HITECH

HHS Issues Yet Another Big HIPAA Breach-Related Fine

Marianne Kolbasuk McGee • September 23, 2020

For the second time this week, federal regulators have doled out a hefty financial fine in a HIPAA settlement after an investigation of a breach tied to a hacking incident.

COVID-19

COVID-19 Update: 'Live Like You're Contagious'

Tom Field • September 23, 2020

With colder weather, the flu season and the holidays ahead, the northern hemisphere is at risk of another major COVID-19 outbreak. Pandemic expert Regina Phelps says it's time to change behavior, and that starts here: "Live like you're contagious."

Cybercrime

Former 'Silk Road' Associate Pleads Guilty to Lying to Feds

Chinmay Rautmare • September 23, 2020

A member of the now-defunct "Silk Road" darknet marketplace surrendered to authorities this week and immediately pleaded guilty to making false statements to federal agents regarding his involvement with the creation of the notorious website, according to the Justice Department.

Cybercrime

Attacks Using Lokibot Information Stealer Surge

Akshaya Asokan • September 23, 2020

The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials. Fraudsters are using new methods to spread the malware.

Governance & Risk Management

Hefty HIPAA Fine After Breach Involving 'The Dark Overlord'

Marianne Kolbasuk McGee • September 22, 2020

Federal regulators have announced a $1.5 million HIPAA settlement with a Georgia orthopedic clinic stemming from a 2016 breach involving The Dark Overlord hacking group. The case serves as a warning of the potentially hefty cost of failure to implement a comprehensive HIPAA compliance program.

Cybercrime

'Dark Overlord' Hacker Sentenced to 5-Year Prison Term

Chinmay Rautmare • September 22, 2020

A U.K. resident who was a member of The Dark Overlord hacking group pleaded guilty to federal charges Monday and was sentenced to five years in prison, according to the U.S. Justice Department. The group targeted several healthcare organizations and others.

Anti-Money Laundering (AML)

Leaked FinCEN Reports Reveal Sensitive Security Details

Doug Olenick • September 22, 2020

What will be the impact of the leak of investigatory documents from FinCEN - the U.S. Treasury Department's Financial Crimes Enforcement Network? For starters, experts warn that FinCEN reports may reveal sensitive information tied to banks and law enforcement agencies' investigatory tools and tactics.

Application Security

CISA Pushes Government Agencies to Patch 'Zerologon' Flaw

Jeremy Kirk • September 22, 2020

U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.