Facebook CEO Mark Zuckerberg testifies Wednesday.

Congress Grills Facebook's Zuckerberg on Cryptocurrency Plans

Scott Ferguson • October 23, 2019

A U.S. Congressional committee on Wednesday peppered Facebook CEO Mark Zuckerberg with tough questions about the company's plans for a cryptocurrency called Libra, raising concerns about privacy issues as well as potential use of the currency for money laundering or to finance deals for illegal drugs and weapons.

Account Takeover

Russian Hackers Coopted Iranian APT Group's Infrastructure

Latest

Breach Notification

Florida Health System Slapped With $2.1 Million HIPAA Penalty

Marianne Kolbasuk McGee • October 23, 2019

Federal regulators have smacked Jackson Health System with a $2.1 million civil monetary penalty for a series of HIPAA violations. The case is one of only a handful in which the nation's HIPAA enforcement agency imposed such a penalty, rather than reach a settlement. What can others learn from this case?

Application Security

Avast: Stolen VPN Credentials Led to CCleaner Attack Redux

Jeremy Kirk • October 23, 2019

Avast's CCleaner utility is popular - with attackers. For the second time in two years, the company says it believes CCleaner was the intended targeted of a carefully plotted intrusion executed between May and October.

Cybercrime

NordVPN Says Server Compromised Due to Misconfiguration

Jeremy Kirk • October 22, 2019

Virtual private network provider NordVPN says an error by its Finish data center provider allowed an attacker to gain control of a server, but it says its broader service was not hacked. One security expert, however, says the attacker would have had "God mode" on one VPN node.

Governance

Zappos' Offer to Breach Victims: A 10 Percent Discount

Jeremy Kirk • October 21, 2019

Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase. A federal judge has granted preliminary approval to the deal.

Cybercrime

Assange Denied Delay for US Extradition Hearing

Scott Ferguson • October 21, 2019

A British judge has denied WikiLeaks founder Julian Assange's request to delay a five-day hearing, slated to begin Feb. 25, on whether he should be extradited to the United States to face espionage charges.

Cybercrime

Malicious Tor Browser Fleeces Darknet Users of Bitcoins

Akshaya Asokan • October 18, 2019

ESET researchers have uncovered a new cybercriminal scheme that uses a trojanized version of the Tor browser for stealing bitcoins from darknet users. So far, the scam has netted about $40,000 in virtual currency, the security firm says.

Cybercrime

Sodinokibi Ransomware Gang Appears to Be Making a Killing

Mathew J. Schwartz • October 18, 2019

Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.

General Data Protection Regulation (GDPR)

Fresh Privacy Legislation Would Jail CEOs for Violations

Suparna Goswami • October 18, 2019

New legislation introduced by Sen. Ron Wyden, D-Ore., would "bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs," he says. But can Congress agree on a privacy law?

Cybercrime

Darknet Markets: As Police Crack Down, Cybercriminals Adapt

Nick Holland • October 18, 2019

The latest edition of the ISMG Security Report discusses the shutdown of DeepDotWeb. Plus, dealing with breach fatigue and the Pitney Bowes ransomware attack.

Cybercrime

Cybercrime Tool Prices Continue to Rise on Darknet Sites

Akshaya Asokan • October 17, 2019

The prices for specific types of cybercriminal tools on darknet sites continue to rise, according to a recent analysis by security firm Flashpoint. Payment card and passport data remain the most sought-after commodities on these forums, research shows.

Cybercrime

Phorpiex Botnet Behind Large-Scale 'Sextortion' Campaign

Apurva Venkat • October 17, 2019

Scammers are using the notorious Phorpiex botnet as part of an ongoing "sextortion" scheme, according to Check Point researchers. At one point, the botnet was sending out over 30,000 spam emails an hour and the attackers made about $110,000 in five months, researchers say.

Critical Infrastructure Security

Open Cybersecurity Alliance: In Pursuit of Interoperability

Geetha Nandikotkur • October 17, 2019

Eighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications. But some observers say getting all players to agree on a common platform will be challenging.