An expert says the dubious chip would have to be smaller than any labelled chip on this Supermicro MicroBlade. Photo: ServeTheHome

Where Is the Secret Spying Chip Reported by Bloomberg?

Jeremy Kirk • October 23, 2018

Where is the secret spying chip devised by China that Bloomberg reported had worked its way into at least 30 companies, including Amazon and Apple? The report earlier this month alleging supply chain infiltration by China's People's Liberation Army triggered skepticism from the start - and it's growing.

Business Continuity Management / Disaster Recovery

Criminals' Cryptocurrency Addiction Continues

Latest

Cybersecurity

Analysis: Did Anthem's Security 'Certification' Have Value?

Marianne Kolbasuk McGee • October 23, 2018

Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework.

Breach Preparedness

Obamacare System Breach Affects 75,000

Marianne Kolbasuk McGee • October 22, 2018

Federal regulators are working to shore up security of systems that support Obamacare in time for open enrollment season, which launches on Nov. 1, following the revelation of a breach of a portal used by insurance agents and brokers that exposed data of 75,000 individuals.

Authentication

Heads-Up: Patch 'Comically Bad' libSSH Flaw Now

Jeremy Kirk • October 19, 2018

Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad."

Cybersecurity

UK Cyberattack Investigations: An Analysis

Nick Holland • October 19, 2018

The latest edition of the ISMG Security Report features an analysis of the results of over 1,000 cyberattack investigations in the U.K. Also: an update on the proposed NIST privacy framework and a report on voter registration information for sale on the dark web.

Cybercrime

Facebook Eyes Spammers for Mega-Breach

Mathew J. Schwartz • October 18, 2018

Facebook is eyeing spammers as being the culprits behind its recently disclosed mega-breach, The Wall Street Journal reports. Preliminary findings from Facebook's internal investigation suggest that the attackers were not affiliated with a nation-state, but rather part of a known spam ring, the newspaper reports.

Endpoint Security

War Declared on Default Passwords

Mathew J. Schwartz • October 17, 2018

With at least 20 billion new consumer devices set to be internet-connected by 2020, initiatives in the U.K. and California are trying to ensure that as many IoT devices as possible will be out-of-the-box secure, for starters by not shipping with default passwords.

Cybercrime

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Marianne Kolbasuk McGee • October 16, 2018

Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?

Cybercrime

US Voter Records for Sale on Hacker Forum

Jeremy Kirk • October 16, 2018

A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it's far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records.

Anti-Phishing, DMARC

10 Cyberattacks Investigated Weekly by UK

Mathew J. Schwartz • October 16, 2018

The U.K.'s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say.

Breach Notification

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Mathew J. Schwartz • October 15, 2018

The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.

Breach Response

Facebook Clarifies Extent of Data Breach

Howard Anderson • October 12, 2018

Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected.

Endpoint Security

Review Shows Glaring Flaws In Xiongmai IoT Devices

Jeremy Kirk • October 12, 2018

Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.