Latest

►

Biometrics

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Tom Field  •  April 16, 2021

No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?

►

Breach Notification

ISMG Editors’ Panel: The Facebook Breach and More

Anna Delaney  •  April 16, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.

3rd Party Risk Management

Attack on Codecov Affects Customers

Doug Olenick  •  April 16, 2021

Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information.

3rd Party Risk Management

Does FBI Exchange Remediation Action Set a Precedent?

Anna Delaney  •  April 16, 2021

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.

Governance & Risk Management

Going Beyond HIPAA to Protect Health Data Privacy

Marianne Kolbasuk McGee  •  April 16, 2021

A proposed privacy framework from the eHealth Initiative & Foundation and the Center for Democracy and Technology aims to set standards for the collection, disclosure and use of health data that falls outside the protection of HIPAA, says attorney Andrew Crawford of CDT.

Fraud Management & Cybercrime

Ireland’s Privacy Watchdog Launches GDPR Probe of Facebook

Mathew J. Schwartz  •  April 16, 2021

Ireland's privacy regulator has launched an investigation into Facebook after personal information for 533 million of the social network's users appeared for sale online. It will analyze whether Facebook violated the country's data protection law or the EU's General Data Protection Regulation.

Breach Notification

Bank Groups Object to Proposed Breach Notification Regulation

Doug Olenick  •  April 15, 2021

The American Bankers Association and three other banking groups have voiced objections to provisions in a proposed federal cyber incident notification regulation. For example, they say the definition of a reportable "computer security incident" is too broad and would result in the reporting of insignificant events.

Cryptocurrency Fraud

Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

Mathew J. Schwartz  •  April 15, 2021

Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.

COVID-19

Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

Marianne Kolbasuk McGee  •  April 14, 2021

Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.

Fraud Management & Cybercrime

Defining Synthetic ID Fraud: How It Helps With Mitigation

Suparna Goswami  •  April 14, 2021

Now that the Federal Reserve has issued a definition for synthetic ID fraud, fraud-fighting efforts likely will improve because it will be easier to identify red flags, some security experts say.

Cyberwarfare / Nation-State Attacks

Sweden: Russians Behind Sports Confederation Hack

Akshaya Asokan  •  April 14, 2021

The Russian state-sponsored group Fancy Bear was responsible for breaches at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.

Endpoint Security

State of the Marketplace: A Conversation With Dave DeWalt

Tom Field  •  April 14, 2021

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.