Officials say the ransomware attack didn't compromise state government networks. (Photo of a Texas state capital building in Austin by TSLAC, via Flickr/CC)

Texas Pummeled by Coordinated Ransomware Attack

Mathew J. Schwartz • August 19, 2019

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning. Security experts say attackers continue to pummel local governments, and illicit profits have been rising.

Cyberwarfare / Nation-State Attacks

Democratic Campaign Group Left 6 Million Emails Exposed

Latest

Cybercrime

European Central Bank Closes a Website Following Hack

Scott Ferguson • August 16, 2019

The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan • August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Big Data Security Analytics

Travel Card Data Release Risked Australians' Privacy

Jeremy Kirk • August 16, 2019

Big data analysis relies on big data being available. But a recent incident in Australia put the privacy of millions of public transport travelers at risk after steps weren't taken to properly anonymize three years of travel records, Victoria's information commissioner has found.

Account Takeover

The Renaissance of Deception Technology

Nick Holland • August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.

Cybercrime

Prosecutors Allege Capital One Suspect Stole From Many Others

Scott Ferguson • August 15, 2019

Paige A. Thompson, who's been arrested on a charge of hacking into Capital One's network and taking the personal and financial data of 106 million individuals, is also suspected of stealing information from over 30 other organizations, according to new court documents.

Active Defense & Deception

Making the Most of an Investment in Deception Technology

Jeremy Kirk • August 15, 2019

Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.

Biometrics

Biometric Security Vendor Exposes Fingerprints, Face Data

Jeremy Kirk • August 15, 2019

A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say. They found 23GB of data belonging to organizations that use Suprema's BioStar 2 system.

Governance

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Akshaya Asokan • August 14, 2019

Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.

3rd Party Risk Management

Choice Hotels: 700,000 Guest Records Exposed

Jeremy Kirk • August 14, 2019

Choice Hotels says about 700,000 guest records were exposed after one of its vendors copied data from its systems. Fraudsters discovered the unsecured database and tried to hold the hotel chain to ransom, which it ignored.

Encryption & Key Management

Health Data Breaches Involving Unencrypted Devices Reported

Marianne Kolbasuk McGee • August 13, 2019

While health data breaches stemming from the loss or theft of unencrypted devices have nosedived in recent years, a handful of recent incidents serve as a reminder that these devices still can pose risks to patient data.

Endpoint Security

SQLite Vulnerability Permits iOS Hack: Report

Akshaya Asokan • August 13, 2019

Security researchers at Check Point Software Technologies say they've uncovered an SQLite database vulnerability in Apple iOS devices that can run malicious code capable of stealing passwords and gaining persistent control on affected devices.

Artificial Intelligence & Machine Learning

Elon Musk Wants to Hack Your Brain

Mathew J. Schwartz • August 13, 2019

The news that serial entrepreneur Elon Musk and scientists have unveiled Neuralink - a neuroscience startup that's been in stealth mode for two years and aims to create a new computer/brain interface - might make you ask: What took him so long? Before signing up, just make sure it's immune to ransomware.