Friday Five: 12/14 Edition

A 111K HIPAA settlement, a new data privacy bill, and how to recover from a massive ransomware attack - catch up on the week's infosec news with this roundup!

Lack of Knowledge, Visibility Contributed to Equifax Breach

A government report released this week says a culture of cybersecurity complacency at Equifax, compounded by a lack of visibility into its complex legacy IT environments, led to last year's breach.

Facing the Future of Biometric Regulation

Microsoft's president warned about the implications of facial recognition systems this week, urging the government to regulate the technology sooner rather than later.

Nine Steps to Effective and Sustainable Payment Card Security

These nine steps can help organizations looking to achieve PCI Security compliance detect weak spots in their security systems and evolve in the face of challenges.

The Best Resources for InfoSec Skillbuilding

Check out our guide to the top resources for information security skill building, from books to bootcamps.

Friday Five: 12/7 Edition

Can the blockchain stop phishing? Are all of these data breaches scorning users? This week's Friday Five attempts to answer those questions and more.

12-State Lawsuit Alleges Medical Firm Violated HIPAA

The company not only failed to encrypt electronic protected health information but failed to maintain a security monitoring system that could have flagged suspicious and anomalous activity.

Is Google Violating GDPR by Tracking EU Users?

Consumer groups in Europe argue Google doesn't have a valid legal basis for processing users’ location data and is processing personal information that violates the EU's General Data Protection Regulation.

Critical Kubernetes Vulnerability Allows Data Theft, Code Injection

A privilege escalation flaw uncovered in Kubernetes could allow attackers to steal sensitive data, inject malicious code, and bring down production apps and services.

What is the MITRE ATT&CK Framework?

Learn about the MITRE ATT&CK Framework, how it can be used to classify adversary behaviors, and assess an organization's risk in this week's Data Protection 101.