#InformationSecurity News - 1/27/15

  • Reporting HIPAA Breaches: A New Approach - The Department of Health and Human Services is taking steps to make the process of using online tools to report breaches more efficient, hoping that will help ease the launching of investigations. More at Healthcare Info Security
  • Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds. Details via InformationWeek Dark Reading.
  • The details of three high-severity vulnerabilities affecting Apple’s OS X operating system have been disclosed over the past two days by Google. The security holes were made public this week after the 90-day disclosure deadline given by Project Zero to vendors expired. Learn more at Security Week
  • As a result of President Obama's "Buy Secure" initiative, the federal government this month is kicking off its EMV rollout, which includes the issuance of chip-and-PIN cards for all federal employees and benefits programs. Read the story at Bank Info Security
  • According to the latest research by Trend Micro, a variant of Curve-Tor-Bitcoin (CTB) Locker ransomware – also known as Critroni – being distributed in a spam campaign now offers victims additional time to pay the ransom, but also requires them to pay a whole lot more than previously. Details via SC Magazine

#InformationSecurity News - 12/10/14

  • $150K HIPAA Fine for Unpatched Software - OCR Imposes Penalty on Alaska Mental Health Provider. Read more at Healthcare Info Security
  • Bank Info Security reports that a type of cryptographic flaw known as POODLE, first publicly revealed Oct. 14 in SSL, has now also been found in Transport Layer Security. 
  • KrebsOnSecurity shares more information on wiretapping ATM skimmers complete with pictures of tapped machines. 
  • A new study indicates that 58 percent of businesses do not have a complete patch management strategy, according to SC Magazine.
  • InformationWeek's Dark Reading shares that IBM researchers have uncovered an attack that takes advantage of the "SpoofedMe" social login feature.