Senators Call for a National 5G Coordinator

Apurva Venkat • November 20, 2019

A bipartisan group of eight U.S. senators is urging National Security Adviser Robert O'Brien to appoint a special coordinator to oversee the rollout of 5G cellular networks. The coordinator would address security issues and coordinate the efforts of federal agencies.

Business Continuity Management / Disaster Recovery

Risky Dialing: Trump Call Raises Security Worries

Latest

Fraud Management & Cybercrime

Ransomware Analysis: 'Shade' Surges; Other Trends Emerge

Mathew J. Schwartz • November 20, 2019

Attacks tied to Shade ransomware continue to surge as part of an overall resurgence in ransomware, security researchers warn. Other malware trends include stealthy ways to sneak malicious code onto systems - including JavaScript and zipped attachments - as well as the continuing use of exploit kits.

Encryption & Key Management

Microsoft Moves Toward DNS Over HTTPS

Jeremy Kirk • November 20, 2019

Microsoft has outlined its plans for supporting the encryption of Domain Name System queries, which allows for more private internet browsing. The first step will be to upgrade connections to DNS over HTTPS, but allow admins to control DNS settings.

Endpoint Security

Bill Aims to Fill Consumer Health Device Data Privacy 'Gap'

Marianne Kolbasuk McGee • November 19, 2019

In the wake of Google's plan to buy Fitbit, two U.S. senators have introduced legislation that aims to protect the privacy of consumer health data collected on wearable devices. Meanwhile, a House committee is scrutinizing the healthcare system Ascension's sharing of patient data with Google.

Endpoint Security

IoT Security: 20 Years Behind Enterprise Computing

Jeremy Kirk • November 19, 2019

While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.

Governance

Watchdog Agencies Report on VA Privacy, Security Woes

Marianne Kolbasuk McGee • November 18, 2019

Two recent reports issued by separate watchdog agencies spotlight data privacy and security challenges at the Department of Veterans Affairs. What were the critical concerns?

Cybercrime

7 Takeaways: Insider Breach at Twitter

Mathew J. Schwartz • November 18, 2019

Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.

Endpoint Security

Update: More Alerts About Medical Device Security Flaws

Marianne Kolbasuk McGee • November 15, 2019

Several recent advisories from federal regulators concerning newly identified vulnerabilities in certain medical devices serve as the latest reminders of the risk management challenges involved.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Account Takeover

DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency

Scott Ferguson • November 14, 2019

A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S. Justice Department announced Thursday.

Business Continuity Management / Disaster Recovery

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Akshaya Asokan • November 14, 2019

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

Cybercrime

The Dark Web's Automobile Hacking Forums

Jeremy Kirk • November 14, 2019

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

Cybercrime

Russian National Charged in Payment Card Scheme

Scott Ferguson • November 13, 2019

The U.S. Justice Department Tuesday unsealed an indictment charging Russian national Aleksey Burkov with running an underground site called "Cardplanet" that acted as a clearinghouse for stolen payment card data. Burkov arrived in the U.S. Tuesday after being extradited by Israel.