Organizations running Drupal sites with known vulnerabilities that have been exploited include the Green Party of California. (Image: Malwarebytes)

Websites Still Under Siege After 'Drupalgeddon' Redux

Jeremy Kirk • May 21, 2018

Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.

Fraud

4 Essential Steps to Ensure IoT Security

Latest

Privacy

FCC to Investigate US Mobile Phone Location-Revealing Flaw

Mathew J. Schwartz • May 21, 2018

Following the disclosure of a flaw in the website of LocationSmart that could have been easily exploited to track the location of cellular phone users throughout the U.S. in real time, the Federal Communications Commission has referred the matter to its enforcement bureau for investigation.

Data Breach

GDPR: The Looming Impact on US Banks

Nick Holland • May 21, 2018

The EU's General Data Protection Regulation, which will be enforced beginning May 25, has significant implications for how financial institutions worldwide handle customer data, says Brett King, CEO of Moven, an all-digital bank, who sizes up the challenges.

Cybercrime

Nonstop Breaches Fuel Spike in Synthetic Identity Fraud

Mathew J. Schwartz • May 18, 2018

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

Cybercrime

Noose Tightens Around Dark Overlord Hacking Group

Jeremy Kirk • May 17, 2018

The noose appears to be tightening around the Dark Overlord, a group of international hackers who have stolen and held for ransom sensitive information from dozens of companies, healthcare organizations and U.S. public schools. Serbian police say they've arrested a suspect in cooperation with the FBI and U.K....

Authentication

DHS Issues More Medical Device Cybersecurity Alerts

Marianne Kolbasuk McGee • May 16, 2018

The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems.

Data Breach

US Government Plans to Indict Alleged CIA Leaker

Jeremy Kirk • May 16, 2018

A former CIA software engineer who is facing child pornography charges is a possible suspect in the largest-ever leak of classified information from the spy agency. While Joshua A. Schulte has not been charged with the leak, prosecutors have indicated they will soon indict him.

Cybersecurity

White House Axes Top Cybersecurity Job

Mathew J. Schwartz • May 16, 2018

The Trump administration has eliminated the top cybersecurity coordinator role in the White House. The decision has earned a sharp rebuke from lawmakers and former government officials, who say cybersecurity demands a greater - not lesser - prominence in the federal government.

Anti-Malware

Mexico Investigates Suspected Cyberattacks Against 5 Banks

Jeremy Kirk • May 15, 2018

Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.

General Data Protection Regulation (GDPR)

Assessing GDPR Compliance Readiness in the Middle East

Geetha Nandikotkur • May 14, 2018

Samir Pawaskar, a Qatar-based cybersecurity and privacy practitioner, discusses key steps many Middle East organizations must still take to comply with the European Union's General Data Protection Regulation, which will be enforced starting May 25.

Breach Notification

Nuance Communications Breach Affected 45,000 Patients

Jeremy Kirk • May 14, 2018

Speech recognition software vendor Nuance Communications says an unauthorized third party accessed one of its medical transcription platforms, exposing records for 45,000 people. The company has blamed the breach on a former employee, who accessed personal data from several of Nuance's clients.

Fraud

Sizing Up the Impact of Synthetic Identity Fraud

Nick Holland • May 14, 2018

Credit card losses due to synthetic identity fraud exceeded $800 million in the U.S. last year, says Julie Conroy of Aite Group, who analyzes the evolving threat and offers mitigation insights.

Encryption

Crypto Fight: US Lawmakers Seek Freedom From Backdoors

Jeremy Kirk • May 11, 2018

A bipartisan group of U.S. lawmakers has reintroduced legislation in the House that would stop the government from forcing software vendors to intentionally weaken their products for surveillance purposes. Two prior attempts to enact the legislation in Congress have failed.