Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, dubbed “KRACK,” which stands for “Key Reinstallation AttaCK”, allows intruders to breach into WPA2 and steal the data that is being transmitted between a … Continue Reading
The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most damaging data breaches in history. The vulnerability was first disclosed in March 2017 and is believed to have affected (and is still affecting) hundreds of … Continue Reading
Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible. On July 26, 2017, AOFSC became aware that a hacker was able to infiltrate its system and demand a ransom for … Continue Reading
In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public sector for the first time in six quarters. It confirmed that cyber-attacks against the health care sector continue to increase. Although that … Continue Reading
The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury issued an advisory on September 20 warning U.S. financial institutions of “money laundering schemes used by corrupt Venezuelan officials.” The advisory was addressed to Private Banking Units, Chief Risk Officers, Chief Compliance Officers, AML/BSA Analysts, Sanctions Analysts and Bank Legal Departments, and identified … Continue Reading
Ensuring that technical data is compliant with both export regulations and cybersecurity requires an understanding of what export controlled technical data/technology relate to and how they work together. The two major export control regulations, The International Traffic In Arms Regulations (ITAR) and the Export Administration Regulations (EAR), define controlled technical data/technology differently. Click for the ITAR … Continue Reading
Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week. According to the report, APT33, a hacking group working for the Iranian government, have sent phishing emails to aviation … Continue Reading
The Securities and Exchange Commission (SEC) has admitted that it was the victim of a cyberattack in 2016 that exposed information that may have been used for insider trading. The hack involved the SEC’s filing database, known as EDGAR. The admission was on the heels of a Government and Accountability Office report in July that … Continue Reading
The U.S. Department of Homeland Security (DHS) recently issued a warning that Smiths Medical Medfusion 4000 wireless syringe infusion pumps contain a security vulnerability that can be exploited by hackers to alter the performance of the medical devices. The devices are used to infuse small doses of medication to patients and are used in acute … Continue Reading
Vevo announced this week that it experienced an intrusion into its servers by the hacking collective OurMine, self-described as a white hat organization that informs individuals and organizations of potential security vulnerabilities. When OurMine reached out to Vevo to inform it of a vulnerability, a Vevo employee dismissed the claim and told OurMine that they … Continue Reading
DNV GL recently issued a new globally applicable recommended practice (DNLVGL-RP-G108) to assist oil and gas operators, system integrators and managers, and vendors in the offshore industry to manage increasing cybersecurity threats. The guidance is designed to help the oil and gas industry improved the security of their operational technology. A Ponemon Institute study found … Continue Reading
The Internal Revenue Service (IRS) has issued a warning alerting the public to a new email phishing scam that looks like a joint notice from the IRS and FBI about new tax laws. The phishing email uses the emblems of both agencies, and asks recipients to download an FBI questionnaire related to “changes of tax … Continue Reading
We continue to try to alert our clients about the changing threat landscape in cybersecurity. We keep saying how the threats are becoming more and more sophisticated and more and more frequent, and that companies must acknowledge and address the threat as a high priority. Cisco publishes cybersecurity reports that outline the threats to businesses … Continue Reading
The Food and Drug Administration (FDA) has issued a recall of 465,000 St. Jude Medical pacemakers in order to push a mandatory firmware patch of vulnerabilities in six types of radio controlled cardiac pacemakers. According to the FDA, it “has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s FR-enabled implantable cardiac pacemakers … Continue Reading
Following the catastrophic flooding caused by Hurricane Harvey in the Gulf Coast, many local and national nonprofits quickly mobilized to respond to survivors’ immediate needs and begin planning for the long-term recovery of affected communities. There has been an amazing outpouring of support for the relief efforts from donors across the country, as volunteers are … Continue Reading
The United States Navy is investigating whether the recent collision of the USS John S. McCain with a Liberian tanker off Singapore may have been caused by a cyber-attack. According to Admiral John Richardson, the investigation will look into “the possibility of cyber intrusion or sabotage.”… Continue Reading
This month, the National Institute of Standards and Technology (NIST) announced in a Bulletin that it has updated its Digital Identity Guidelines, which “provides agencies with technical guidelines regarding the digital authentication of users to federal networked systems.” The Bulletin outlines the components of digital identity—identity proofing, authentication and federation for federal agencies to use … Continue Reading
The National Institute of Science and Technology (NIST) has long been a leading authority in Cybersecurity—even before Cybersecurity became a household name. It originally published its Cybersecurity Framework-intended not to be a standard, but to offer guidance—to all industries on how to begin to tackle data security. As cyber threats expand and become more sophisticated, … Continue Reading
We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP). The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance … Continue Reading
The Department of Homeland Security and Siemens Healthineers has identified cybervulnerabilities in the Windows 7-based versions of Siemens PET/CT systems, SPECT systems, SPECT/CT Systems and SPECT Workplaces/Symbia.net and have issued a warning concerning the vulnerabilities. Although Siemens is working on updates for the affected diagnostic imaging systems, it is recommending that customers operate the systems … Continue Reading
Nevada has become the third state in the Union to adopt a law that requires operators of websites and online services to provide notice to consumers who are Nevada residents of their practices around the collection and sharing of personal information, including consumers’ names, address, email address, telephone number, Social Security number or an identifier … Continue Reading
Cybersecurity for critical infrastructure continues to be of concern, including the transportation sector. A new study by ABI Research concludes that although the transportation sector continues to increase spending on cybersecurity year over year, the rapid digitization of airports, aircraft, trains, ships, and cars puts this sector at risk. The study mentions that poor cybersecurity … Continue Reading
Students 16 and over who live in Virginia, Michigan, Iowa, Hawaii, Nevada, Delaware and Rhode Island—you may be eligible to participate in a new cybersecurity skills program called CyberStart. You have to have access to the Internet and a computer to participate. CyberStart is “a forward-thinking skills program designed to supply specialist cyber security education … Continue Reading
On July 10, 2017, Connecticut Governor Dannel P. Malloy released Connecticut Cybersecurity Strategy, that outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut. The seven principles set forth in the Strategy document include: Leadership Literacy Preparation Response Recovery Communication and Verification … Continue Reading
