Latest

Breach Response

Senate Testimony: SEC Chairman Signals Cyber 'Mea Culpa'

Mathew J. Schwartz  •  September 26, 2017

The chairman of the Securities and Exchange Commission, Jay Clayton, will promise the Senate banking committee that his agency is pursuing numerous cybersecurity improvements in the wake of a May 2016 breach, according to prepared testimony.

Anti-Malware

Trojanized CCleaner Investigation: Lucky Break

Jeremy Kirk  •  September 26, 2017

Researchers investigating the CCleaner malware outbreak have had a lucky break: The attackers' backup server shows that they pushed secondary malware onto systems at Intel, VMware, Fujitsu and Asus, among others, as part of what appears to be a very targeted attack campaign.

Breach Response

Do CISOs Need to 'Dumb Down' Cybersecurity for Boards?

Eric Chabrow  •  September 26, 2017

Experts speaking out on how boards of directors and CISOs must do a better job in strengthening board involvement on cybersecurity matters leads the latest edition of the ISMG Security Report. Also, "Catch Me if You Can" impostor Frank Abagnale on the Equifax hack.

Breach Notification

Report: Deloitte Suffered Breach Last Year

Mathew J. Schwartz  •  September 25, 2017

"Big four" accounting firm Deloitte suffered a breach last year that may have exposed 5 million internal emails as well as usernames and passwords, client information and health details, the Guardian reports.

►

Data Breach

Buying Cyber Insurance: Who Should Be Involved?

Marianne Kolbasuk McGee  •  September 25, 2017

All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.

Data Breach

Credit Union Sues Equifax Over Breach-Related Fraud Costs

Jeremy Kirk  •  September 25, 2017

Summit Credit Union of Wisconsin is seeking class-action status for a lawsuit against credit bureau Equifax. The credit union contends it will have to bear the fraud costs resulting from Equifax exposing a massive amount of U.S. consumer data in one of the worst data breaches ever seen.

Business Continuity/Disaster Recovery

UK Councils: 27 Percent Confirm Ransomware Outbreaks

Mathew J. Schwartz  •  September 25, 2017

Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.

Anti-Malware

Trojanized Avast CCleaner Attack Targeted Major Tech Firms

Mathew J. Schwartz  •  September 22, 2017

An attack campaign involving a trojanized version of the CCleaner Windows utility, built and distributed by British developer Piriform, was much more extensive than it first appeared and may have installed backdoor software on endpoints at hundreds of large technology firms.

Breach Notification

Profiting From the SEC Breach

Eric Chabrow  •  September 22, 2017

Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.

Breach Notification

Equifax's May Mega-Breach Might Trace to March Hack

Mathew J. Schwartz  •  September 21, 2017

Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.

Anti-Malware

Part of FTC Complaint Against D-Link Dismissed

Jeremy Kirk  •  September 21, 2017

A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.

►

CISO

Why Adding Technical Experts to Boards Is Urgent

Tracy Kitten  •  September 20, 2017

Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.