Consumer Advocates Criticize Equifax Settlement Plan

Mathew J. Schwartz • July 23, 2019

Equifax's move to settle federal and 48 states' probes, as well as class action lawsuits, would see breach victims being able to claim up to $20,000 for unreimbursed expenses. But some consumer advocates and government officials say the proposed deal is insufficient, given the magnitude of Equifax's failures.

Cyberwarfare / Nation-state attacks

Despite BlueKeep Warnings, Many Organizations Fail to Patch

Latest

Business Continuity Management / Disaster Recovery

iNSYNQ Continues Recovery From MegaCortex Ransomware Attack

Akshaya Asokan • July 23, 2019

A week after a ransomware attack locked up customer files and data at online cloud hosting provider iNSYNQ, the company is continuing to recover and restore its internal infrastructure. It remains unclear how much longer this process will take, the company acknowledges.

Governance

2.3 Billion Files Exposed Online: The Root Causes

Marianne Kolbasuk McGee • July 22, 2019

Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide that contain personal information, including sensitive medical data, says Harrison Van Riper, a security researcher at Digital Shadows.

Business Email Compromise (BEC)

BEC Scams Cost U.S. Companies $300 Million Per Month: Study

Scott Ferguson • July 19, 2019

Business email compromise scams are surging, and they're costing U.S. companies a total of more than $300 million a month, according to a recently released analysis by the U.S. Treasury Department. The report pinpoints which sectors are hardest hit by this type of fraud.

Endpoint Security

Researchers Trick Cylance Into Giving Malware a Pass

Jeremy Kirk • July 19, 2019

An Australian cybersecurity company says it tricked BlackBerry's Cylance Protect anti-virus product into believing that some of the most pernicious types of malware, including WannaCry and the SamSam ransomware, were benign programs.

Application Security

Tesla Vulnerability: A Bounty Hunter's Tale

Nick Holland • July 19, 2019

The latest edition of the ISMG Security Report describes the accidental discovery of a Tesla software vulnerability. Also featured: an analysis of the latest ransomware trends and insights from former federal advisers Richard Clarke and Robert Knake on cyber resilience.

Phishing Scheme Targets Amex Cardholders

Akshaya Asokan • July 18, 2019

Researchers have uncovered a new type of phishing campaign that is targeting American Express card users. In these incidents, attackers are sending a hyperlink as part of a phony account update to access the victim's credentials and other account details, according to researchers at the security firm Cofense.

General Data Protection Regulation (GDPR)

Patient Record Snooping Incident Leads to GDPR Fine

Marianne Kolbasuk McGee • July 18, 2019

Authorities in the Netherlands recently levied a $516,000 fine under the General Data Protection Regulation against a hospital in the Hague in connection with a data breach involving "dozens" of staffers who snooped on the electronic medical records of a celebrity.

Cybercrime

Impact of AMCA Breach Continues to Grow

Marianne Kolbasuk McGee • July 18, 2019

The impact of the massive American Medical Collection Agency data breach continues to grow. At least two more laboratories have said their patients' data was potentially compromised by the breach. Meanwhile, court filings accuse AMCA of a lack of "cooperation and transparency" in the wake of the incident.

Cybercrime

Bulgarian Authorities Arrest Suspect in Massive Data Breach

Akshaya Asokan • July 17, 2019

Bulgaria's national cybercrime unit has arrested a 20-year-old local man for his alleged role in breaching the country's tax servers and exposing the financial details and other personal data of nearly 5 million citizens, according to news media reports.

Cybercrime as-a-service

Suspected Rubella Toolkit Mastermind Arrested

Scott Ferguson • July 17, 2019

A 20-year-old Dutch man suspected of creating the Rubella Macro Builder toolkit and distributing it on underground forums has been arrested by the Dutch National Police, which received assistance from McAfee. Rubella and other toolkits enable attackers to distribute malware through weaponized Office documents.

Active Defense & Deception

How Deception Technology Is Evolving

Nick Holland • July 17, 2019

Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company.

Blockchain & Cryptocurrency

Senators Scrutinize Facebook's Cryptocurrency Plans

Scott Ferguson • July 16, 2019

At a Senate committee hearing on Tuesday, lawmakers grilled a Facebook executive about the company's plans to launch a cryptocurrency. One Democratic senator said Facebook "does not respect the power of the technologies they are playing with - like a toddler who has gotten his hands on a book of matches."