(Source: USCapital via Flickr/CC)

Bill Would Create State Cybersecurity Leader Positions

Akshaya Asokan • January 20, 2020

A bipartisan group of U.S. senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government.

Cyberwarfare / Nation-State Attacks

Albany Airport Pays Off Sodinokibi Ransomware Gang: Report

Latest

Anti-Money Laundering (AML)

How Cybercriminals Are Converting Cryptocurrency to Cash

Ishita Chigilli Palli • January 20, 2020

Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according a report by Chainalysis.

Application Security

Microsoft Warns of Zero-Day Internet Explorer Exploits

Mathew J. Schwartz • January 20, 2020

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.

Active Defense & Deception

Sizing Up Today's Deception Technology

Nick Holland • January 20, 2020

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

Cybercrime

'WeLeakInfo' Website Shut Down

Scott Ferguson • January 17, 2020

Law enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.

Cybercrime

Cyberattack on a Major Bank Would Have Ripple Effect: Study

Ishita Chigilli Palli • January 17, 2020

A cyberattack targeting one of the largest banks in the U.S. that stops the processing of payments likely would have a major ripple effect throughout the financial system, according to a new report from the Federal Reserve Bank of New York.

Business Email Compromise (BEC)

BEC Fraudsters Targeting Financial Documents: Report

Scott Ferguson • January 17, 2020

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari.

Active Defense & Deception

Analysis: Huawei 5G Dilemma

Nick Holland • January 17, 2020

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.

Governance

Windows Vulnerability: Researchers Demonstrate Exploits

Scott Ferguson • January 16, 2020

A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.

Cybercrime

Alarming Trend: More Ransomware Gangs Exfiltrating Data

Mathew J. Schwartz • January 16, 2020

As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked. Seeking greater leverage against non-paying victims, Maze and Sodinokibi attackers are not just threatening to leak stolen data; they're also following through.

Electronic Healthcare Records

HHS Reveals Draft of 5-Year 'Strategic Health IT Plan'

Marianne Kolbasuk McGee • January 15, 2020

HHS has issued a draft of a five-year strategic health IT plan that is largely focused on providing patients with secure access to their health information as well as supporting secure, interoperable health information exchange among providers.

Breach Notification

Equifax Settles Mega-Breach Lawsuit for $1.38 Billion

Jeremy Kirk • January 15, 2020

A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.

Account Takeover

How Wireless Carriers Open the Door to SIM Swapping Attacks

Scott Ferguson • January 15, 2020

A new Princeton University research paper finds that five major U.S. prepaid wireless carriers are leaving their customers open to SIM swapping attacks. The main culprit is weak account authentication procedures that attackers can easily exploit.