This Time, Election Protection Bill Gets Bipartisan Support

Scott Ferguson • November 18, 2019

A bill passed by a committee last week and sent to the U.S. House floor would empower two federal agencies to investigate vulnerabilities in voting equipment and propose new ways to better protect it from attack.

Cyberwarfare / Nation-State Attacks

Microsoft Will Apply California's Privacy Law Nationwide

Latest

Governance

Watchdog Agencies Report on VA Privacy, Security Woes

Marianne Kolbasuk McGee • November 18, 2019

Two recent reports issued by separate watchdog agencies spotlight data privacy and security challenges at the Department of Veterans Affairs. What were the critical concerns?

Cybercrime

7 Takeaways: Insider Breach at Twitter

Mathew J. Schwartz • November 18, 2019

Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.

Endpoint Security

Update: More Alerts About Medical Device Security Flaws

Marianne Kolbasuk McGee • November 15, 2019

Several recent advisories from federal regulators concerning newly identified vulnerabilities in certain medical devices serve as the latest reminders of the risk management challenges involved.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Account Takeover

DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency

Scott Ferguson • November 14, 2019

A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S. Justice Department announced Thursday.

Business Continuity Management / Disaster Recovery

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Akshaya Asokan • November 14, 2019

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

Cybercrime

The Dark Web's Automobile Hacking Forums

Jeremy Kirk • November 14, 2019

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

Cybercrime

Russian National Charged in Payment Card Scheme

Scott Ferguson • November 13, 2019

The U.S. Justice Department Tuesday unsealed an indictment charging Russian national Aleksey Burkov with running an underground site called "Cardplanet" that acted as a clearinghouse for stolen payment card data. Burkov arrived in the U.S. Tuesday after being extradited by Israel.

Governance

Researchers Describe Significant Flaw in Intel's PMx Driver

Jeffrey Burt • November 13, 2019

Researchers at Eclypsium have revealed new details concerning a significant flaw in Intel's PMx driver, which they say could give attackers "near-omnipotent" control over devices. Intel has released an updated version of the driver, a key step in mitigating risks.

Fraud Management & Cybercrime

Multilayered Security Gets Personal

Tom Field • November 13, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Governance

Devaluing Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

Fraud Management & Cybercrime

EMV 3D Secure: Upcoming Milestones

Tom Field • November 13, 2019

The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight.