The Industry’s Only SaaS-Delivered Enterprise DLP
Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.
No-Compromise Data Protection is:
- Cloud-Delivered
- Cross Platform
- Flexible Controls
DATAINSIDER
Digital Guardian's Blog
Friday Five: 12/29 Edition

Catch up on the week's infosec news with this recap!
1. Cryptojacking Has Gotten Out of Control by Lily Hay Newman
Wired took a look at the ongoing cryptojacking craze Friday. The technique, which relies on hijacking unsuspicious users' browsers to mine cryptocurrency--usually Monero--has caught on like wildfire over the last several months. The article mostly takes a look at Coinhive, a company that allows organizations to install an in-browser miner to earn money, and the inherent troubles associated with it. The big issue that's unlikely to change is that regardless what form the threat takes, there's a ubiquitous lack of consent; victims can rarely choose if their machines are co-opted.
2. Network Printer and Scanner Spoofing Campaign Targets Millions by DarkReading
Researchers with Barracuda Networks warned of an ongoing scam shortly before Christmas targeting users with printer-scanner devices from HP, Canon, and Epson. According to DarkReading, who recapped the research last Friday the campaign is leveraging phishing emails laden with malicious PDFs and trying to avoid detection by changing file names. It's a little fascinating really; it's an age-old exploitation technique but still working for some attackers apparently.
3. Ancestry.com's RootsWeb Forum Breached, 300,000 Records Compromised by Doug Olenick
Ancestry.com announced that some members of RootsWeb, its genealogical community, may have had their email/usernames and passwords stolen late last week. While users' credit card numbers and social security numbers weren't compromised, information on roughly 300,000 users may have been breached, the company's CISO said in a blog post last weekend. According to SC Magazine's Doug Olenick, who reported on the breach Thursday, it was initially reported by an outside security researcher on December 20, meaning the company worked fairly fast - especially in light of the holiday - to disclose it.
4. Tastylock Cryptomix Ransomware Variant Released by Lawrence Abrams
Just because it's the holidays doesn't mean attackers take a vacation from creating, testing, and releasing new types of malware. Case in point: Tastylock, a new CryptoMix ransomware variant discovered recently by Michael Gillespie. Lawrence Abrams, the ransomware pro behing BleepingComputer detailed the malware on Thursday. While the encryption methods are the same, this iteration appends .tastylock to the end of files and changes the contact email used to get the victim to pay the ransom.
5. 9 HIPAA Settlement Fines in 2017 by Jessica Kim Cohen
Becker's Health IT & CIO Review's Jessica Kim Cohen wound down the year last week by recapping nine fines resolving allegations against health systems by the HHS's Office for Civil Rights in 2017. The costliest one, imposed on Florida's Memorial Healthcare System, asked for $5.5M after it was determined unauthorized employees accessed protected health information belonging to 115,143 individuals.
SUBSCRIBE
Get email updates with the latestfrom the Digital Guardian Blog
Thank you for subscribing!

WHITEPAPERS
Meeting Stringent HIPAA Regulations: Your Guide To Safeguarding Patient Data
