Spectre and Meltdown Flaws: Two More Variants Discovered

Mathew J. Schwartz • May 22, 2018

Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.

Governance

Report: Facebook App Exposed 3 Million More Users' Data

Latest

General Data Protection Regulation (GDPR)

GDPR: Is Australia Ready?

Jeremy Kirk • May 22, 2018

With enforcement of the EU's GDPR set to begin on May 25, Australian organizations vary in readiness. Steve Ingram of PwC says it's not too late for companies to prepare for GDPR, but it will be too late to ask regulators for forgiveness if something goes wrong.

Cybercrime

DDoS Attacker Receives 15-Year Sentence

Mathew J. Schwartz • May 21, 2018

John Gammell of New Mexico has been sentenced to serve 15 years in prison for launching DDoS attacks against prior employers and business competitors, as well as for being a convicted felon in possession of firearms.

General Data Protection Regulation (GDPR)

GDPR Compliance for US Healthcare: What You Need to Know

Marianne Kolbasuk McGee • May 21, 2018

Strict HIPAA compliance is a great preparation for compliance with the European Union's General Data Protection Regulation, which will be enforced starting May 25, according to attorneys Robert Stankey and Adam Greene, who provide compliance insights in an in-depth interview.

General Data Protection Regulation (GDPR)

GDPR: The Looming Impact on US Banks

Nick Holland • May 21, 2018

The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.

Data Breach

Respiratory Services Provider Lincare Settles Breach Case

Marianne Kolbasuk McGee • May 18, 2018

Respiratory care provider Lincare Inc. has signed an $875,000 settlement of a class action lawsuit brought by current and former employees in the wake of a 2017 breach involving a business email compromise scam. The company was previously fined by federal regulators after another breach.

Cybercrime

Health Data Breach Tally: The Latest Additions

Marianne Kolbasuk McGee • May 17, 2018

The number of health data breach victims added to the official federal tally so far in 2018 has doubled in recent weeks to more than 2 million. The largest breach of the year so far involved a break-in at a California government office.

Cybersecurity

As Payments Speed Up, How Can Fraud Be Minimized?

Nick Holland • May 17, 2018

Knowing as many details as possible about the customer, the payment and the recipient is a critical component of stopping fraud as payments become faster, says anti-fraud specialist David Barnhardt.

Authentication

DHS Issues More Medical Device Cybersecurity Alerts

Marianne Kolbasuk McGee • May 16, 2018

The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems.

Electronic Healthcare Records

OCR Plans Do-Over for 'Accounting of Disclosures' Proposal

Marianne Kolbasuk McGee • May 15, 2018

Federal regulators plan to craft a new proposal for revamping a HIPAA Privacy Rule provision for "accounting of disclosures" of electronic patient records. Updating that rule was mandated under the HITECH Act, but the modification has been in limbo since 2011.

Anti-Malware

Mexico Investigates Suspected Cyberattacks Against 5 Banks

Jeremy Kirk • May 15, 2018

Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.

Breach Notification

Nuance Communications Breach Affected 45,000 Patients

Jeremy Kirk • May 14, 2018

Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.

Encryption

Uninstall or Disable PGP Tools, Security Researchers Warn

Mathew J. Schwartz • May 14, 2018

European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME. Security experts recommend all PGP users immediately delete or disable their PGP tools, pending a full fix.