Archives: Cybersecurity


“KRACK” WiFi Security Vulnerability Discovered

Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, dubbed “KRACK,” which stands for “Key Reinstallation AttaCK”, allows intruders to break into WPA2 and steal the data that is being transmitted between a … Continue Reading

Arkansas Surgery Center Hit with Ransomware

Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of its imaging files, including patient X-rays, inaccessible. On July 26, 2017, AOFSC became aware that a hacker was able to infiltrate its system and demand a ransom for … Continue Reading

McAfee Report Lists Health Care Sector as Most Targeted Industry for Cyber-Attacks

In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public sector for the first time in six quarters. It confirmed that cyber-attacks against the health care sector continue to increase. Although that … Continue Reading

U.S. Treasury Warns Financial Institutions of Venezuelan Corruption and Money Laundering

The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury issued an advisory on September 20 warning U.S. financial institutions of “money laundering schemes used by corrupt Venezuelan officials.” The advisory was addressed to Private Banking Units, Chief Risk Officers, Chief Compliance Officers, AML/BSA Analysts, Sanctions Analysts and Bank Legal Departments, and identified … Continue Reading

To Be Cyber Secure – May Not Mean You Are Export Secure

Ensuring that technical data is compliant with both export regulations and cybersecurity requires an understanding of what export controlled technical data/technology relate to and how they work together. The two major export control regulations, The International Traffic In Arms Regulations (ITAR) and the Export Administration Regulations (EAR), define controlled technical data/technology differently. Click for the ITAR … Continue Reading

Aviation and Petrochemical Industries Subject to Hacking by Iran

Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week. According to the report, APT33, a hacking group working for the Iranian government, has sent phishing emails to aviation … Continue Reading

SEC Hacked!

The Securities and Exchange Commission (SEC) has admitted that it was the victim of a cyberattack in 2016 that exposed information that may have been used for insider trading. The hack involved the SEC’s filing database, known as EDGAR. The admission was on the heels of a Government and Accountability Office report in July that … Continue Reading

Security Vulnerabilities Identified in Wireless Syringe Infusion Pumps

The U.S. Department of Homeland Security (DHS) recently issued a warning that Smiths Medical Medfusion 4000 wireless syringe infusion pumps contain a security vulnerability that can be exploited by hackers to alter the performance of the medical devices. The devices are used to infuse small doses of medication to patients and are used in acute … Continue Reading

Vevo Hacked through LinkedIn Message

Vevo announced this week that it experienced an intrusion into its servers by the hacking collective OurMine, self-described as a white hat organization that informs individuals and organizations of potential security vulnerabilities. When OurMine reached out to Vevo to inform it of a vulnerability, a Vevo employee dismissed the claim and told OurMine that they … Continue Reading

Offshore Cybersecurity Guidelines Issued

DNV GL recently issued a new globally applicable recommended practice (DNLVGL-RP-G108) to assist oil and gas operators, system integrators and managers, and vendors in the offshore industry to manage increasing cybersecurity threats. The guidance is designed to help the oil and gas industry improve the security of their operational technology. A Ponemon Institute study found … Continue Reading

Cisco Releases Midyear Cybersecurity Report

We continue to try to alert our clients about the changing threat landscape in cybersecurity. We keep saying how the threats are becoming more and more sophisticated and more and more frequent, and that companies must acknowledge and address the threat as a high priority. Cisco publishes cybersecurity reports that outline the threats to businesses … Continue Reading

FDA Recalls St. Jude Medical Pacemakers for Cybersecurity Patches

The Food and Drug Administration (FDA) has issued a recall of 465,000 St. Jude Medical pacemakers in order to push a mandatory firmware patch of vulnerabilities in six types of radio controlled cardiac pacemakers. According to the FDA, it “has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s RF-enabled implantable cardiac pacemakers … Continue Reading

Beware of Fundraising Scams Following Hurricane Harvey

Following the catastrophic flooding caused by Hurricane Harvey in the Gulf Coast, many local and national nonprofits quickly mobilized to respond to survivors’ immediate needs and begin planning for the long-term recovery of affected communities. There has been an amazing outpouring of support for the relief efforts from donors across the country, as volunteers are … Continue Reading

NIST Updates Digital Identity Guidelines for Federal Agencies

This month, the National Institute of Standards and Technology (NIST) announced in a Bulletin that it has updated its Digital Identity Guidelines, which “provides agencies with technical guidelines regarding the digital authentication of users to federal networked systems.” The Bulletin outlines the components of digital identity—identity proofing, authentication and federation for federal agencies to use … Continue Reading

NIST Publishes Updated Cybersecurity Guidance and Guidance on Passwords

The National Institute of Science and Technology (NIST) has long been a leading authority in Cybersecurity—even before Cybersecurity became a household name. It originally published its Cybersecurity Framework, intended not to be a standard but to offer guidance, to all industries on how to begin to tackle data security. As cyber threats expand and become more sophisticated, … Continue Reading

Connecticut Insurance Department Issues Bulletin on Data Security Requirements

We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP). The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance … Continue Reading

Siemens Medical Equipment Vulnerable to Cyber-Attacks

The Department of Homeland Security and Siemens Healthineers have identified cybervulnerabilities in the Windows 7-based versions of Siemens PET/CT systems, SPECT systems, SPECT/CT Systems and SPECT Workplaces/Symbia.net and have issued a warning concerning the vulnerabilities. Although Siemens is working on updates for the affected diagnostic imaging systems, it is recommending that customers operate the systems … Continue Reading

Nevada Implements Law that Requires Notice for Collection of Personal Information

Nevada has become the third state in the Union to adopt a law that requires operators of websites and online services to provide notice to consumers who are Nevada residents of their practices around the collection and sharing of personal information, including consumers’ names, address, email address, telephone number, Social Security number or an identifier … Continue Reading

Hackers Could Target Airports, Planes, Satellites, Ships, Cars, and Trains

Cybersecurity for critical infrastructure continues to be of concern, including the transportation sector. A new study by ABI Research concludes that although the transportation sector continues to increase spending on cybersecurity year over year, the rapid digitization of airports, aircraft, trains, ships, and cars puts this sector at risk. The study mentions that poor cybersecurity … Continue Reading

Students 16 and Over: Check Out CyberStart!

Students 16 and over who live in Virginia, Michigan, Iowa, Hawaii, Nevada, Delaware and Rhode Island—you may be eligible to participate in a new cybersecurity skills program called CyberStart. You have to have access to the Internet and a computer to participate. CyberStart is “a forward-thinking skills program designed to supply specialist cyber security education … Continue Reading

Connecticut Releases Cybersecurity Strategy

On July 10, 2017, Connecticut Governor Dannel P. Malloy released the Connecticut Cybersecurity Strategy, which outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut. The seven principles set forth in the Strategy document include: Leadership, Literacy, Preparation, Response, Recovery, Communication and Verification … Continue Reading