Dell has recently released the findings from their End-User Security Survey, and the results will probably keep you up late at night with worry. Their key finding was that an overwhelming percentage of employees (72 percent) are willing to share confidential or sensitive corporate information, and fully a third say that taking confidential corporate data on leaving a company is common practice.

There’s a new phone-based scam making the rounds that you need to be aware of. In this case, the scammers are spoofing the number of the Department of Health and Human Services’ Office of the Inspector General’s hotline (HHS-OIG), which is in place to allow people to call in and report suspected cases of fraud or abuse in a variety of programs the department oversees.

Manuel Caballero has been a busy man.

If you haven’t heard of him, he’s a security researcher and blogger who made a name for himself identifying a variety of critical security flaws in the old Internet Explorer web browser. It would probably be overstating to say that he was instrumental in Internet Explorer’s eventual death, and Microsoft’s decision to try again with its new “Edge” browser, but he was certainly part of the chorus of voices expressing concerns over the old browser’s security.

This past Friday, a new ransomware threat burst onto the scene globally in what was described as an attack “unprecedented in its scale.” Before the original version was stopped by a young, anonymous digital security expert, it had brought England’s National Health Service to its knees.

IHG, The Intercontinental Hotels Group, which owns Crowne Plaza and Holiday Inn, has recently announced a serious data breach that impacted 1174 of its franchise locations. The company reports that their Point of Sale (POS) system was found to have been infected with malware which intercepted and copied credit card transactions between September 29 and December 29, 2016. All but one of the
impacted hotels were located in the US, including:

• 163 in Texas
• 64 in California
• 61 in Florida
• 53 in Indiana
• 50 in Ohio
• 45 in New York
• 42 in Michigan
• And 39 in Illinois

The one hotel outside the US that was also impacted was a Holiday Inn in San Juan, Puerto Rico, making this a far-reaching, carefully orchestrated operation.

The landscape of ransomware attacks is changing. When the malicious software first hit the internet a couple years back, it did so in a big way, primarily targeting large hospitals, insurance companies or other health-related businesses. These high-profile attacks temporarily paralyzed a number of companies, many of whom opted to simply pay the ransom to get their files back instead of wrestling with backup systems.

Last year, the Department of Health and Human Services made headlines by issuing more than a dozen hefty fines to big companies that deal with Protected Health Information for noncompliance with HIPAA regulations.

That trend has continued into 2017, but with a new twist.

Microsoft is in the habit of releasing regular security updates and patches on the second Tuesday of each month. This month, though, in addition to the regular patch, the company’s massive user base got a second update that was rushed through development.

It’s not an overstatement to say that Linksys, to a large degree, powers the web. The company makes a broad range of routers that lie at the heart of everything from small home networks to keeping small and medium sized businesses interconnected.

Unfortunately, a pair of researchers from IOActive recently discovered a total of ten different security vulnerabilities that impact the company’s popular EA3500 router, and more than two dozen other models as well, including models from the company’s Smart Wi-Fi, Wireless-AC and WRT series.

Hackers have once again pushed the envelope. They’ve again come up with a new way to infect target computers and get around whatever detection software is in place. The latest twist is sending encrypted Word files to your employees.

These files are accompanied by an email, describing the attachment as an invoice for some service your company has supposedly paid for.