Latest

Cyberwarfare / Nation-State Attacks

UK Considers Limited Role for Huawei in 5G Rollout: Report

Ishita Chigilli Palli  •  January 24, 2020

U.K. officials reportedly are considering a proposal to allow China's Huawei to play a limited role in providing certain equipment for the country's 5G rollout, which would defy calls from the U.S. for a complete ban of telecom gear from the company.

Cybercrime

Stolen Payment Card Trafficking Mastermind Pleads Guilty

Scott Ferguson  •  January 24, 2020

Aleksey Burkov, who was extradited from Israel to the U.S. in November, plead guilty this week to several federal charges related to his site "Cardplanet," which trafficked in stolen payment card data.

Cybercrime

Hackers Target European Energy Firm: Researchers

Scott Ferguson  •  January 24, 2020

Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future.

Endpoint Security

Vulnerabilities Found in Some GE Healthcare Devices

Marianne Kolbasuk McGee  •  January 24, 2020

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches.

Cyberwarfare / Nation-State Attacks

Analysis: New Details on the Hacking of Jeff Bezos' iPhone

Nick Holland  •  January 24, 2020

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.

Breach Notification

POS Vendor for Cannabis Dispensaries Exposed Data: Report

Marianne Kolbasuk McGee  •  January 23, 2020

A point-of-sale system vendor that serves U.S. medical and recreational cannabis dispensaries left an unprotected database containing sensitive information about three clients and 30,000 of their customers exposed to the internet, researchers say.

Application Security

Microsoft Error Exposed 250 Million Elasticsearch Records

Jeremy Kirk  •  January 23, 2020

Microsoft accidentally internet-exposed for three weeks 250 million customer support records stored in five misconfigured Elasticsearch databases. While the company rapidly locked them down after being alerted, it's an embarrassing gaff for the technology giant, which has pledged to do better.

Cybercrime

FBI Warns: Beware of Spoofed Job Application Portals

Akshaya Asokan  •  January 23, 2020

The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants.

Cybercrime

Investigators: Saudis Hacked Amazon CEO Jeff Bezos' Phone

Mathew J. Schwartz  •  January 22, 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked via a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have concluded. While the Saudis deny involvement, the United Nations has called for an immediate investigation.

Cyberwarfare / Nation-State Attacks

BT and Vodafone Reportedly Want Huawei 5G Gear

Mathew J. Schwartz  •  January 22, 2020

Britain's two largest telecommunications firms - BT and Vodafone - plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout, warning that doing so could delay their rollouts, the Guardian reports.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson  •  January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Advanced SOC Operations / CSOC

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

Jeremy Kirk  •  January 21, 2020

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.