Security News > 2020 > March

A gastroenterologist has been smacked with a $100,000 HIPAA settlement after an investigation stemming from a 2013 breach report the practice filed related to a business associate dispute. A resolution agreement in the case says OCR initiated a compliance review of Porter's practice following the receipt of a breach report filed by the practice in November 2013.

What is the impact on the individuals and their enterprises? And what should be done to alleviate this stress? Stuart Reed of Nominet analyzes this latest CISO Stress report. How senior management can take the lead on relieving CISO stress.

So it's able to sort of tunnel, it's trying to control via the DNS system, which will get around a lot of IDSs and things that aren't looking for it because traditionally, things aren't looking at that information as being malicious. So it's just a way of getting around any sort of detection controls or many detection controls.

Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen from exchanges by North Korean hackers in 2018, according to a federal indictment unsealed Monday. The North Korean-linked group also apparently has been involved in numerous banking thefts, including the 2016 Bangladesh Bank heist, and it has recently begun targeting cryptocurrency exchanges to help illegally fund the government, U.S. authorities say.

In 2019, the Global Cyber Alliance debuted its toolkit to help small and midsized organizations bolster cybersecurity. How has the toolkit been received and refined? Phil Reitinger, president of GCA, discusses progress.

UPDATE. Popular free certificate authority Let's Encrypt said it will revoke 3 million Transport Layer Security certificates Wednesday, because of a Certificate Authority Authorization bug. Let's Encrypt explained on Tuesday it had to revoke the 3 million certificates because of a CAA bug that impacted the way its software checked domain ownership before issuing certificates.

As a result, companies are not always sure who they are dealing with and the amount of opacity within the supply chain has increased, Conway says. These developments, Conway says, are one reason why the dialogue around supply chain security should be changing and why different approaches are needed.

Ghai is president of RSA, which focuses on helping customers manage digital risk through business-driven security solutions. He is responsible for all aspects of the business and accelerating growth by setting the strategic direction and driving operational execution.

On Wednesday, March 4, Let's Encrypt - the free, automated digital certificate authority - will briefly become Let's Revoke, to undo the issuance of more than three million flawed HTTPS certs. In a post to the service's online forum on Saturday, Jacob Hoffman-Andrews, senior staff technologist at the EFF, said a bug had been found in the code for Boulder, Let's Encrypt's automated certificate management environment.

The U.S. is late to the 5G race. There are multiple strategies that policymakers can pursue to facilitate the near-term rollout of safer and more trusted 5G networks across the country, says Michael Chertoff, executive chairman of The Chertoff Group and former secretary of the Department of Homeland Security.