French Privacy Regulator Fines Google $57M for GDPR Violation
French regulators hit Google with a $57 million fine for violating GDPR rules that took effect last May by being less than upfront about how user data is collected and used. French data privacy agency CNIL levied the fine, the first against a U.S. company since GDPR took effect last spring, noting that Google “Essential […]
Town of Salem Breach Affects 7 Million Accounts
The Town of Salem (video game) was hit with a massive data breach last week that exposed the information on more than 7 million users. The breach was discovered by the cybersecurity research Dehashed on December 28 when he received an anonymous email that indicated someone had gained access to the game’s database. Town of […]
Justice Department Charges Chinese Nationals in ‘Extensive’ Global Hacking Campaign
Prosecutors accuse two people of hacking in conjunction with the Chinese government. They are accused of stealing information from at least 45 U.S. tech companies and government agencies. The two also allegedly targeted defense industrial companies and managed service providers as a way to gain entry to U.S. corporations and agencies through their suppliers. The […]
DoD Inspector General Finds Multiple Flaws in Missile Defense System Cybersecurity
The potential scenario of this cybersecurity flaw being exploited is not as severe, as say, the plot from the movie Wargames, but several major holes have been found in defense facilities housing technical information on the nation’s ballistic missile defense systems (BMDS) that could prove disastrous to America’s ability to defend itself against an ICBM attack. […]
Chinese Hackers Breach U.S. Navy Contractors
Review of cyber vulnerability is ordered after intruders gain access to information about military technology Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities. A series of incidents in the past 18 months has pointed out the […]
Japan Cyber Minister Tells Parliament He’s Never Used Computers
The deputy chief of Japan’s cybersecurity strategy office told parliament this week that he doesn’t use computers. “Since the age of 25, I have instructed my employees and secretaries, so I don’t use computers myself,” 68-year-old Yoshitaka Sakurada said, according to local media. Sakurada, who is in charge of the 2020 Olympic and Paralympic Games […]
Data Leak Incident Reported by Fortune 500 Metropolitan Life Insurance Company
The personal information of multiple customers was exposed in the form of an attachment sent to a Benefits Administrator as reported by Metropolitan Life Insurance Company (MetLife) in a notice of data breach forwarded to the Office of the Attorney General of California. However, according to MetLife notification, “The Benefits Administrator, who regularly works with MetLife, deleted the email, […]
State Department Shamed for Poor Adoption of Multi-Factor Authentication
Senators demand answers after government report finds that only 11 percent of the Department of State’s devices use multi-factor authentication. Five US senators have sent a letter to Secretary of State Mike Pompeo requesting answers why the State Department has not widely deployed basic cyber-security protections, such as multi-factor authentication (MFA). The letter was sent […]
Marriott Hit by Massive Data Breach: 500 Million Starwood Customers Impacted
Marriott International said early Friday that data on roughly 500 million customers staying at Starwood hotel properties had been compromised in a breach that gave unknown attackers access to the Starwood network since 2014. The company said it has not finished identifying duplicate information in the database, but believes it contains information on up to […]
Database Breach Affects 2.6 Million Atrium Health Patients
Atrium Health has reported a massive data breach exposing the PII of more than 2.6 million clients after someone gained access to a database belonging to a third-party vendor. The North Carolina-based healthcare provider stated that AccuDoc Solutions, a vendor providing billing and other services, had informed Atrium on October 1 that an unauthorized person had gained access to […]
Pentagon Fails Its First-Ever Audit, Official Says
The Pentagon has failed what is being called its first-ever comprehensive audit, a senior official said on Thursday, finding U.S. Defense Department accounting discrepancies that could take years to resolve. Results of the inspection – conducted by some 1,200 auditors and examining financial accounting on a wide range of spending including on weapons systems, military […]
![AdobeStock_97005296 [Converted]](https://www.regdox.com/wp-content/uploads/2018/11/AdobeStock_97005296-Converted-e1542051602331.jpg)
Pinpointing Risky Employee Behaviors Enables IT Leaders to Reduce Risk
In the first half of 2018, more than 4.5 billion digital records were compromised in data breaches, according to research from Gemalto’s “2018: Data Privacy and New Regulations Take Center Stage” report. With the value of each lost or stolen record set at roughly $148, the financial and operational impact of data loss has never been […]
Top Australia Defense Firm Reports Serious Cyber Breach
A top Australian defense firm with major US Navy contracts has admitted its personnel files were breached and that it was the subject of an extortion attempt. Austral — which among other things makes small, quick ships for warfare close to shore — said its “data management system” had been infiltrated by an “unknown offender”. […]
Stuxnet is Back, Iran Admits
The infamous malware is back, and it’s “more violent, more advanced and more sophisticated” than ever. A new version of the infamous Stuxnet worm has been used to attack Iranian government networks, according to reports. The famous malware has apparently re-emerged, with Israeli news programme Hadashot stating that Iran “has admitted in the past few […]
![AdobeStock_211095871 [Converted]](https://www.regdox.com/wp-content/uploads/2018/11/AdobeStock_211095871-Converted-e1541083534194.jpg)
10 Critical Security Skills Every IT Team Needs
Focus on hiring talent with the following security skills and your team will be equipped to prevent, protect and mitigate the damage of cybersecurity attacks — and speed recovery efforts. As hackers become more sophisticated, and attacks more frequent, it’s no longer a matter of if your organization becomes a target, but when. That reality has forced […]
Improving Cybersecurity Culture Requires Clarity, Commitment
Only a third of employees have a sound understanding of their role in their organizations’ security culture. Okay, so it’s October and that means it’s Cybersecurity Awareness Month. And, for the past four years, I have maintained that “cybersecurity is everybody’s business.” I maintain this is, in fact, the case. However, it’s clear that, […]
Cyber Command Goes on the Offense to Protect U.S. Election
In the lead up to the mid-term elections next month the U.S. Cyber Command has launched its first ever offensive operation against individual Russians attempting to interfere. Cyber Command The New York Times made the initial report on the operation, and had few details as to what the action included, but indicated the suspected election operatives […]
![AdobeStock_82453654 [Converted]](https://www.regdox.com/wp-content/uploads/2018/10/AdobeStock_82453654-Converted-e1540216837287.jpg)
Another Government System Breached; 75,000 People Affected
The Centers for Medicare & Medicaid Service confirmed a breach. Apple CEO Tim Cook wants Bloomberg to retract the spychip story. A Connecticut city paid a ransom to unlock 23 servers. On Friday, the Centers for Medicare & Medicaid Service admitted to a breach in which attackers made off with the sensitive and personal information of […]
![AdobeStock_204077439 [Converted]](https://www.regdox.com/wp-content/uploads/2018/10/AdobeStock_204077439-Converted-e1540216100818.jpg)
Hook, Line and Sinker: After Phish Get Caught
Phishing is nearly as old as email, but it is still a major attack vector for cybercriminals. Some of the most prominent cyber incidents of the past few years are the result of phishing attempts. Despite the maturity of this problem, the solutions proposed by the industry during the past decades haven’t been successful. At […]
GAO Report Slams Department of Defense Cybersecurity Practices
Securing the upcoming election against cyberattack or influence is rightfully garnering a great deal of attention, but a recent General Accounting Office (GAO) report indicates the United States is doing a poor job building weapon systems resistant to cyberattack. The report noted that the very aspects that make some of the nation’s most dangerous weapons […]
Nearly All New U.S. Weapons Systems Have ‘Critical’ Cybersecurity Problems, Auditors Say
Almost all of the U.S. military’s newly developed weapons systems suffer from “mission-critical cyber vulnerabilities,” a review of government security audits conducted from 2012 to 2017 found, suggesting military agencies have rushed to computerize new weapons systems without prioritizing cybersecurity. The findings were released Tuesday in a report from the Government Accountability Office. The report drew on […]
Without Handcuffs: Creating A Culture of Compliance
Over the years, I have met with hundreds of security teams. One of the most common complaints, that comes up in meetings with companies of all sizes and across all industries, is that security teams feel helpless to enforce the policies they put in place. Multiple security officers have described it as feeling like “cops […]
October is National Cybersecurity Awareness Month
Connected devices are essential to our professional and personal lives, and criminals have gravitated to these platforms as well. Many common crimes—like theft, fraud, harassment, and abuse—are now carried out online, using new technologies and tactics. Others, like cyber intrusions and attacks on critical infrastructure, have emerged as our dependence on connected systems revealed new […]
JVP, SOSA Partner With City of New York on Cybersecurity Initiative
Called Cyber NYC, the new initiative will receive a $30 million investment from the city of New York and intends to raise an additional sum of up to $70 million from private investors New York City Economic Development Corporation (NYCEDC) announced a new cybersecurity initiative Tuesday, naming Israeli venture capital firm Jerusalem Venture Partners (JVP) […]
White House Touts Release of National Cyber Strategy
Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by enforcing global […]