Amazon CEO Jeff Bezos

Investigators: Saudis Hacked Amazon CEO Jeff Bezos' Phone

Mathew J. Schwartz • January 22, 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked via a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have concluded. While the Saudis deny involvement, the United Nations has called for an immediate investigation.

Encryption & Key Management

Senators Field Legislation to Build Huawei 5G Alternatives

Latest

Cyberwarfare / Nation-State Attacks

BT and Vodafone Reportedly Want Huawei 5G Gear

Mathew J. Schwartz • January 22, 2020

Britain's two largest telecommunications firms - BT and Vodafone - plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout, warning that doing so could delay their rollouts, the Guardian reports.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson • January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Advanced SOC Operations / CSOC

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

Jeremy Kirk • January 21, 2020

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.

Breach Notification

Federal Breach Tally: 2020 Trends So Far

Marianne Kolbasuk McGee • January 21, 2020

Three weeks into the new year, several hacking incidents involving email have already been added to the federal tally of major health data breaches. How should organizations stay one step ahead?

Fraud Management & Cybercrime

Maryland Considers Criminalizing Ransomware Possession

Akshaya Asokan • January 21, 2020

Maryland lawmakers are considering a bill that would make possession of ransomware a crime punishable by up to 10 years in prison, similar to moves at least two other states have already made. But is such legislation effective?

Governance

Citrix Releases First Patches to Fix Severe Vulnerability

Scott Ferguson • January 20, 2020

Citrix has released the first of several patches that address a vulnerability in its Application Delivery Controller and Gateway products that was discovered by researchers in December. If left unpatched, the vulnerability is remotely exploitable and could allow access to applications and internal networks.

Anti-Money Laundering (AML)

How Cybercriminals Are Converting Cryptocurrency to Cash

Ishita Chigilli Palli • January 20, 2020

Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according a report by Chainalysis.

Application Security

Microsoft Warns of Zero-Day Internet Explorer Exploits

Mathew J. Schwartz • January 20, 2020

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.

Active Defense & Deception

Sizing Up Today's Deception Technology

Nick Holland • January 20, 2020

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

Cybercrime

'WeLeakInfo' Website Shut Down

Scott Ferguson • January 17, 2020

Law enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.

Cybercrime

Cyberattack on a Major Bank Would Have Ripple Effect: Study

Ishita Chigilli Palli • January 17, 2020

A cyberattack targeting one of the largest banks in the U.S. that stops the processing of payments likely would have a major ripple effect throughout the financial system, according to a new report from the Federal Reserve Bank of New York.

Business Email Compromise (BEC)

BEC Fraudsters Targeting Financial Documents: Report

Scott Ferguson • January 17, 2020

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari.