After Mega-Breach, Marriott May Pay for New Passports

Jeremy Kirk • December 10, 2018

Victims of the massive Marriott International data breach, which exposed data for 500 million customers, including some passport numbers, may be able to claim reimbursement for the cost of obtaining a replacement passport, provided they can prove it led to fraud.

General Data Protection Regulation (GDPR)

Marriott's Mega-Breach: Many Concerns, But Few Answers

Latest

Cybercrime

Eastern European Bank Hackers Wield Malicious Hardware

Mathew J. Schwartz • December 10, 2018

Hackers have been plugging inexpensive hardware into banks' local area networks to help perpetrate heists that have stolen tens of millions of dollars, warns Kaspersky Lab. It says that since 2017, the "DarkVishnya" attack campaign has hit at least eight Eastern European banks.

Artificial Intelligence & Machine Learning

A CISO's View on Analytics in Healthcare Security

Tom Field • December 10, 2018

The marketers would have us believe that machine learning and behavioral analytics are the keys to unlocking the future of healthcare information security. But Vikrant Arora, CISO of the Hospital for Special Surgery in New York, offers a more practical outlook.

Cybercrime

Australia Passes Encryption-Busting Law

Jeremy Kirk • December 7, 2018

Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.

Cybercrime

GOP Hacking Incident: What Happened?

Nick Holland • December 7, 2018

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

3rd Party Risk Management

Emails Expose Sensitive Internal Facebook Discussions

Jeremy Kirk • December 6, 2018

A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

General Data Protection Regulation (GDPR)

GDPR and You: What's Changed?

Tom Field • December 6, 2018

Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.

3rd Party Risk Management

Applying Secure Multiparty Computation Technology

Geetha Nandikotkur • December 6, 2018

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.

Cyberwarfare / Nation-state attacks

Top Republican Email Accounts Compromised

Jeremy Kirk • December 5, 2018

Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports. Few details have been released about the incident, which was investigated by Crowdstrike.

3rd Party Risk Management

Vendor Risks: Preparing for the Worst

Nick Holland • December 5, 2018

Testing an incident response plan for use when a vendor has a security incident is an essential component of risk management, says Phil Curran, CISO at Cooper University Health Care.

Cybersecurity

Avoiding Common Data Security Mistakes

Nick Holland • December 5, 2018

Common data security mistakes made by many organizations including having a static security plan that doesn't evolve, focusing solely on compliance and not testing incident response plans, says Monique Kunkel of NTT Data Services.

Cloud Security

Kubernetes Alert: Security Flaw Could Enable Remote Hacking

Jeremy Kirk • December 4, 2018

A severe vulnerability in Kubernetes, the popular open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches; they recommend immediate updating.

Endpoint Security

Smart Cities: The Cybersecurity Challenges

Tom Field • December 4, 2018

"Smart cities" projects face huge cybersecurity challenges as they adopt advanced technologies, including IoT systems, says Adnan Baykal of the Global Cyber Alliance.