Latest

Cybercrime

For Sale on Cybercrime Markets: Real 'Digital Fingerprints'

Mathew J. Schwartz  •  August 22, 2019

Cybercrime marketplaces Genesis and Richlogs are helping fraudsters to better impersonate legitimate users of banks, eBay, Amazon, Netflix and more by providing them with victims' legitimate "digital fingerprints" and replay tools designed to fool anti-fraud defenses.

3rd Party Risk Management

Cloud Security: Mess It Up and It's on You

Jeremy Kirk  •  August 22, 2019

The transition to cloud-based software and infrastructure has revolutionized development and services. It's also created a bevy of new security challenges. Jay Heiser of Gartner says if organizations don't get cloud security right, it's their own fault. Here's why.

Cyberwarfare / Nation-State Attacks

Cyber Espionage Campaign Uses Spoofed Websites

Apurva Venkat  •  August 22, 2019

A cyber espionage campaign, which may have ties to North Korea, is suspected of targeting foreign ministries, academic institutions and think thanks that are studying or writing reports about the nation's regime, according to an analysis by the security firm Anomali.

Governance

Is Apple's Top $1 Million Bug Bounty Too Much?

Jeremy Kirk  •  August 21, 2019

Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.

Biometrics

Use of Facial Recognition Stirs Controversy

Apurva Venkat  •  August 20, 2019

A developer's use of facial recognition technology to scan the faces of pedestrians in London has sparked concerns from residents, the mayor and Britain's privacy watchdog. Meanwhile, the use of the technology is raising privacy concerns worldwide and is even becoming an issue in the U.S. presidential race.

►

Cybercrime

Threat Intel for a Global Economy

Tom Field  •  August 20, 2019

The World Economic Forum recently identified "cyberattacks and data integrity concerns crippling large parts of the internet" as one of the top 10 global risks. Jaime Chanaga of NTT talks about the significance of that announcement and the concerns global security leaders face headed into 2020.

Business Email Compromise (BEC)

FBI Arrests Nigerian Suspect in $11 Million BEC Scheme

Scott Ferguson  •  August 19, 2019

The FBI has arrested a Nigerian businessman for allegedly carrying out an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar.

Breach Notification

Texas Pummeled by Coordinated Ransomware Attack

Mathew J. Schwartz  •  August 19, 2019

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning. Security experts say attackers continue to pummel local governments, and illicit profits have been rising.

Cybercrime

European Central Bank Closes a Website Following Hack

Scott Ferguson  •  August 16, 2019

The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan  •  August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Big Data Security Analytics

Travel Card Data Release Risked Australians' Privacy

Jeremy Kirk  •  August 16, 2019

Big data analysis relies on big data being available. But a recent incident in Australia put the privacy of millions of public transport travelers at risk after steps weren't taken to properly anonymize three years of travel records, Victoria's information commissioner has found.

Account Takeover

The Renaissance of Deception Technology

Nick Holland  •  August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.