Security News > 2020 > January

Federal prosecutors say Practice Fusion - now a unit of Allscripts - will pay $145 million to settle civil and criminal investigations related to its electronic health records system. Practice Fusion agreed to pay over $26 million in criminal fines and forfeiture, the Justice Department says.

Facebook said Tuesday a new tool allowing users of the social network to view and delete data it collects from third parties is rolling out to the estimated two billion members of the leading social network worldwide. Facebook chief executive Mark Zuckerberg said the tool offers "a new level of transparency and control" for the social network, which has been roiled by revelations in the past few years on how it collects and uses data.

Those two forces are, first, individual social media users and, second, the engagement algorithms used by social media platforms. Social media algorithms can be used to magnify a troll's message and promote the re-sharing of a message that appeals to a niche corner of a social media platform.

Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

As a result, Huawei will be excluded from the sensitive "core" parts of new 5G and gigabit-capable networks. On Wednesday, the European Commission endorsed guidelines for 5G networks that would allow European Union member states to decide whether to allow "high risk" telecommunications groups, including Huawei, in their networks, The Hill reports.

The cancellation - or postponement, depending on how optimistic you want to be - was announced by the DEF CON team on Monday, a little more than ten weeks before the confab was scheduled to take place in Beijing. "China has announced a six-month hold on events like ours as part of the effort to combat the coronavirus outbreak," the DEF CON team said.

The security proposals released Monday mainly focus on improving the security of passwords by ensuring that they are not resettable to any universal factory setting as well as refining the way IoT manufacturers disclose vulnerabilities in their connected devices. The goal of these proposals is to provide greater security protections as the number of connected devices, including security cameras, routers, smart home devices and autonomous vehicles, increases.

A vulnerability in the Zoom online meeting system could allow attackers to eavesdrop on meetings and view all shared content, Check Point security researchers have discovered. What Check Point's security researchers discovered was that an attacker could predict Meeting IDs and potentially join active meetings.

Today, I want to take a closer look at the PCI DSS 3.2 standard, starting with Requirement 8 and gradually making our way to Requirement 8.3.2. The standard specifically uses CDE, or the cardholder data environment, instead of "sensitive data," but the concept is the same - make sure the person requesting access is truly who they claim to be.

According to SentinelLabs, which has seen attacks involving Snake for the past month, files encrypted by this ransomware are difficult or impossible to recover without paying the ransom demanded by the attackers. Snake targets a wide range of files, but avoids encrypting system files and folders.