Varsha Sewlal on Data Protection Framework Compliance

Suparna Goswami • December 8, 2021

Ensuring compliance with the data protection framework is one of the big challenges for enterprises in South Africa, says Varsha Sewlal, the executive officer for legal, policy, research and information technology analysis and the deputy information officer with the Information Regulator South Africa. She discusses

►

Training & Security Leadership

Alert: 'Cuba' Ransomware Slams Critical Sector Organizations

Latest

Blockchain & Cryptocurrency

Google TAG Disrupts Blockchain-Enabled Botnet

Mihir Bagwe • December 8, 2021

A botnet operation called Glupteba has been disrupted by Google's Threat Analysis Group. The botnet targeted more than 1 million Microsoft Windows users in the U.S, India, Brazil and Southeast Asia. Also, Google has filed a lawsuit against two Russians alleged to be the botnet's operators.

Business Continuity Management / Disaster Recovery

Canada Busts Suspect Tied to 'Multiple Ransomware Attacks'

Mathew J. Schwartz • December 8, 2021

Canadian police have arrested Matthew Philbert on suspicion of being tied to multiple ransomware and malware attacks that amassed domestic victims. Separately, a U.S. indictment charges Philbert with perpetrating an attack against the state of Alaska that breached personal and medical information.

Breach Notification

Maryland Health Dept. Systems Still Affected by Incident

Marianne Kolbasuk McGee • December 7, 2021

While the Maryland Department of Health's public website is operational again after a weekend network security incident, certain systems continue to be offline. Officials are asking employees not to use state-issued computers as state authorities and law enforcement agencies investigate.

Breach Notification

Attack Wipes 25 Years' Worth of Data From Local Electric Co.

Dan Gunderman • December 7, 2021

An electric cooperative serving two western Colorado counties says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data, leaving the utility operating under limited functionality, according to the company and local reports.

Active Defense & Deception

Microsoft Gets Court Order to Disrupt Chinese Cyber Ops

Prajeet Nair • December 7, 2021

A U.S. federal court in Virginia has paved the way for Microsoft to disrupt the activities of China-based hacking group Nickel. Microsoft will target websites that the threat actor uses to gather intelligence from government agencies, think tanks and human rights organizations.

3rd Party Risk Management

Kafdrop Flaw Puts Data of 'Major Global Players' at Risk

Rashmi Ramesh • December 6, 2021

A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has exposed data of "major global players ... in healthcare, insurance, media and IoT," a report by cybersecurity company Spectral says.

Blockchain & Cryptocurrency

Nearly $200 Million Stolen in BitMart Crypto Exchange Hack

Dan Gunderman • December 6, 2021

Nearly $200 million has reportedly been stolen from the cryptocurrency exchange BitMart, one of the top centralized crypto exchanges by volume, according to China-based blockchain analytics firm PeckShield, which tracked the heist beginning Saturday.

3rd Party Risk Management

Microsoft Teams’ New Feature Sparks Security Concerns

Soumik Ghosh • December 6, 2021

A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.

Electronic Healthcare Records

Medical Workers Plead Guilty to PHI Access-Related Crimes

Marianne Kolbasuk McGee • December 6, 2021

A medical biller in Florida and an emergency medical technician in New York have each pleaded guilty in two separate federal cases involving the criminal misuse of patient information. One case involved healthcare fraud and identity theft, and the other criminal HIPAA violations.

Incident & Breach Response

Researcher: Healthcare Staffing Database Exposed Worker PII

Marianne Kolbasuk McGee • December 3, 2021

A security researcher says a misconfigured, non-password-protected database of a healthcare staffing company potentially exposed the personal information in about 170,000 medical worker records. The staffing firm, however, disputes the details of what was allegedly contained in the database.

3rd Party Risk Management

TSA Issues New Cybersecurity Requirements for Rail Sector

Dan Gunderman • December 3, 2021

The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.

Anti-Phishing, DMARC

Ingredients of a Good Insider Risk Program

Suparna Goswami • December 3, 2021

Any technology that allows you to do a full-person assessment by taking into account nontechnical data as well as technical data is a value-add to an insider risk program, says Peter J. Lapp, former special agent at the FBI. He discusses the ingredients in a good insider risk program.