GovInfoSecurity.com RSS Syndication

Why This Facebook Privacy Settlement Is Unusual

$650 Million Settlement Reached Under Illinois' Groundbreaking Biometrics Privacy Law
Ending six years of litigation, a federal judge has signed off on a $650 million settlement of a class-action lawsuit against Facebook for violating Illinois' groundbreaking privacy law that restricts collecting biometrics data. Here's why this case is so unusual.

Indian Vaccine Makers, Oxford Lab Reportedly Hacked

Incidents Spotlight Growing COVID-19-Related Cyberthreats
Two Indian vaccine makers and an Oxford University lab are reportedly among the latest targets of hackers apparently seeking to steal COVID-19 research data.

Rockwell Controllers Vulnerable

Flaw Could Enable Access to Secret Encryption Key
A critical authentication bypass vulnerability could enable hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation, according to the cybersecurity company Claroty. Rockwell has issued mitigation recommendations.

Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains

‘Supply Chain Security Is Broken, and It’s Time for a Change’
Jamil Farshchi has been there. As CISO of Equifax, he knows what it’s like to be a victim of a high-profile cyberattack. And he knows breached companies have a choice: "Are they going to be a force for good by helping the rest of the industry learn from their experience?"

DoD: Notice of Proposed Rulemaking on Privacy Training

The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.

NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide

Guidance on establishing processes to rapidly detect and respond to cyber incidents.

NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT

Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.

NIST SP 800-39: Managing Information Security Risk

Organization, Mission and Information System View

Live Webinar: Going Passwordless and Beyond - The Future of Identity Management

Illumination Summit: Poker & Cybersecurity: A Game of Skill, Not Luck

Live Webinar | The Path to Zero Trust with Least Privilege & Secure Remote Access

Live Webinar | You Can’t Stop Human Attackers without Human Reporting and Analysis

Analysis: Feds Crack Down on Cryptocurrency Scams

The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.

Secure Patient Access to Health Records: The Challenges

As the healthcare sector works to provide patients with secure access to their health information via smartphones and other devices, it must address critical identity and trust issues, says DirectTrust president and CEO Scott Stuewe.

Analysis: Russia's Sandworm Hacking Campaign

This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.

Becoming a CISO: Many Paths to Success

Mike Hamilton, founder and CISO of CI Security, followed an unusual path that led him to a career in cybersecurity. He says those who, like him, lack a formal education in security can build successful CISO careers.

Not 'Above the Law' - Feds Target ICO Cryptocurrency Scams

$70 Million Allegedly Lost to Schemes Such as Bitcoiin2Gen Touted by Steven Seagal
Authorities have accused Serbia-based scammers of capitalizing on the "initial coin offering" bubble that began in 2017, bilking global cryptocurrency investors out of $70 million via Bitcoiin2Gen and other supposed coins and hiring actor Steven Seagal to endorse them.

SonicWall Was Hacked. Was It Also Extorted?

Hacker Claims SonicWall Paid Ransom; SonicWall Stays Silent
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.

Data Breaches: ShinyHunters' Dominance Continues

Prolific Cybercrime Group Recently Tied to Breaches of E-Commerce and Dating Sites
In 2020, a cybercrime operation known as ShinyHunters breached nearly 50 organizations, security researchers say. And this year, it shows no signs of slowing down - it's already hacked e-commerce site Bonobo and dating site MeetMindful.

Bloomberg's Supermicro Follow-Up: Still No Chip

New Story Is Scant on Proof That China Implanted Chips on Motherboards
Bloomberg has stood firm on its controversial story from two years ago asserting that China implanted a tiny chip on motherboards made by Supermicro. But rather than proving its contention in a follow-up, it may have inflicted more reputational damage upon itself.