European Union flag. (Photo: Yanni Koutsomitis, via Flickr/CC)

Europe's Strong GDPR Privacy Rules Go Into Full Effect

Mathew J. Schwartz • May 25, 2018

The EU's General Data Protection Regulation has gone into full effect as of May 25, 2018. After a two-year grace period following the passage of the legislation, member states' data privacy watchdogs are now enforcing the strong privacy rules, which offer worldwide protection for Europeans.

General Data Protection Regulation (GDPR)

GDPR: Is Australia Ready?

Latest

Breach Notification

GDPR Enforcement Begins: Impact on Healthcare, Banking

Nick Holland • May 25, 2018

Leading the latest edition of the ISMG Security Report: Reports on the impact enforcement of the EU's General Data Protection Regulation, which began Friday, will have on the healthcare and banking sectors. Plus an assessment of GDPR compliance issues in Australia, which offer lessons to others worldwide.

Anti-Malware

FBI Seizes Domain Controlling 500,000 Compromised Routers

Jeremy Kirk • May 24, 2018

At least 500,000 routers, mostly located in Ukraine, have been infected with "VPN Filter" malware that experts believe is a prelude to a massive cyberattack. But the FBI has sinkholed the control domain for the router botnet, which should help contain the potential damage.

Artificial Intelligence & Machine Learning

Amazon Rekognition Stokes Surveillance State Fears

Mathew J. Schwartz • May 23, 2018

The American Civil Liberties Union has launched a broadside against Amazon, warning that Amazon Rekognition - mixing big data, machine learning and facial recognition - could be abused by authoritarian regimes. Amazon has countered by saying that all users must "comply with the law."

Cybercrime

DDoS Attacker Receives 15-Year Sentence

Mathew J. Schwartz • May 21, 2018

John Gammell of New Mexico has been sentenced to serve 15 years in prison for launching DDoS attacks against prior employers and business competitors, as well as for being a convicted felon in possession of firearms.

Governance

Websites Still Under Siege After 'Drupalgeddon' Redux

Jeremy Kirk • May 21, 2018

Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.

Privacy

FCC to Investigate US Mobile Phone Location-Revealing Flaw

Mathew J. Schwartz • May 21, 2018

Following the disclosure of a flaw in the website of LocationSmart that could have been easily exploited to track the location of cellular phone users throughout the U.S. in real time, the Federal Communications Commission has referred the matter to its enforcement bureau for investigation.

Cybercrime

Nonstop Breaches Fuel Spike in Synthetic Identity Fraud

Mathew J. Schwartz • May 18, 2018

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

Cybersecurity

As Payments Speed Up, How Can Fraud Be Minimized?

Nick Holland • May 17, 2018

Knowing as many details as possible about the customer, the payment and the recipient is a critical component of stopping fraud as payments become faster, says anti-fraud specialist David Barnhardt.

Data Breach

US Government Plans to Indict Alleged CIA Leaker

Jeremy Kirk • May 16, 2018

A former CIA software engineer who is facing child pornography charges is a possible suspect in the largest-ever leak of classified information from the spy agency. While Joshua A. Schulte has not been charged with the leak, prosecutors have indicated they will soon indict him.

Cybersecurity

White House Axes Top Cybersecurity Job

Mathew J. Schwartz • May 16, 2018

The Trump administration has eliminated the top cybersecurity coordinator role in the White House. The decision has earned a sharp rebuke from lawmakers and former government officials, who say cybersecurity demands a greater - not lesser - prominence in the federal government.

Anti-Malware

Mexico Investigates Suspected Cyberattacks Against 5 Banks

Jeremy Kirk • May 15, 2018

Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.

Encryption

Uninstall or Disable PGP Tools, Security Researchers Warn

Mathew J. Schwartz • May 14, 2018

European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME. Security experts recommend all PGP users immediately delete or disable their PGP tools, pending a full fix.