Magecart Spies Payment Cards From Retailer Vision Direct

Mathew J. Schwartz • November 19, 2018

Online contact lens retailer Vision Direct says it suffered a data breach that exposed customers' names and complete payment card details. Researchers say fake Google Analytics JavaScript designed to capture card details appears to have been planted by the prolific cybercrime gangs known as Magecart.

Authentication

Who Hijacked Google's Web Traffic?

Latest

Cybercrime

HHS Deputy Secretary Eric Hargan Describes Cyber Initiative

Marianne Kolbasuk McGee • November 19, 2018

So what's the mission of the newly launched Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, and how will it function? HHS Deputy Secretary Eric Hargan explains the initiative and addresses top healthcare sector cybersecurity challenges in this in-depth interview.

Cybersecurity

Texas Hospital Catches Dharma Ransomware Infection

Marianne Kolbasuk McGee • November 16, 2018

An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

3rd Party Risk Management

China's Hack Attacks: An Economic Espionage Campaign

Nick Holland • November 16, 2018

An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.

Cybercrime as-a-service

GandCrab Ransomware: Cat-and-Mouse Game Continues

Mathew J. Schwartz • November 16, 2018

A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.

Governance

Do the HIPAA Rules Hamper Coordinated Patient Care?

Marianne Kolbasuk McGee • November 15, 2018

Federal regulators plan to seek public comments on whether the HIPAA rules create barriers to sharing patient information among healthcare providers, hampering the ability to coordinate care. But some regulatory experts argue the problem is not the rules, but misunderstandings about what they allow.

Cybercrime

Romanian Hacker 'Guccifer' Extradited to US

Mathew J. Schwartz • November 15, 2018

The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server and admitted to hacking numerous email and social media accounts, has been extradited from Romania to begin serving his 52-month U.S. prison sentence.

Data Breach

Nordstrom Blames Breach of Employee Data on Contractor

Jeremy Kirk • November 14, 2018

The department store chain Nordstrom says it doesn't believe that employees' personal data, which was exposed in an October data breach due to a contractor's error, has been misused. The retailer says the breach exposed no customer data.

Anti-Fraud

Using Unsupervised Machine Learning: The Challenges

Varun Haran • November 14, 2018

While unsupervised machine learning techniques get away from the data labeling and classification that most supervised systems require, they are dependent on the quality and variety of the data provided, says Gartner's Jonathan Care.

Next-Generation Technologies & Secure Development

Threat Intelligence: Less Is More

Mathew J. Schwartz • November 13, 2018

Less can be more when it comes to gathering, consuming and acting on threat intelligence, says Bryn Norton, director of solutions architecture and security at telecommunications giant CenturyLink.

Endpoint Protection Platforms (EPP)

Analysis: FDA's Reworked Premarket Medical Device Guidance

Marianne Kolbasuk McGee • November 13, 2018

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details.

Business Email Compromise (BEC)

French Cinema Chain Fires Dutch Executives Over 'CEO Fraud'

Mathew J. Schwartz • November 13, 2018

French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Cyberwarfare / Nation-state attacks

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Mathew J. Schwartz • November 12, 2018

With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S. government is responding in multiple ways via a process of "defending forward" and "continuous engagement" that includes dumping foreign APT hackers' malware toolkits online for all to see.