Page 3 - Euro Security Watch

Business Continuity Management / Disaster Recovery

Maze Ransomware Gang Continues Data-Leaking Spree

Mathew J. Schwartz • June 18, 2020

The Maze ransomware gang is continuing to exfiltrate data from victims before crypto-locking their systems, then leaking the data to try to force non-payers to accede to its ransom demands. Don't want to play ransomware gangs' latest games? The only way to opt out is by planning ahead.

Cyberwarfare / Nation-State Attacks

Should 'Killer Robots' Be Banned?

Mathew J. Schwartz • June 5, 2020

How big is the step from humans using drones to kill other humans to building lethal autonomous weapons systems that can kill on their own? Ethically and technologically, that's a huge leap. But military planners are working to build what some call "killer robots." And the UN wants them banned.

Cybercrime

'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Mathew J. Schwartz • June 3, 2020

Not all data breaches are what they might seem, and not all leakers are who they might claim to be. Take the doxing of the Minneapolis Police Department, supposedly by Anonymous hacktivists: The leaked employee information was almost certainly culled from old breaches. So who did it, and why?

Breach Notification

Toll Group Data Leaked Following Second Ransomware Incident

Mathew J. Schwartz • May 20, 2020

Australian shipping giant Toll Group recently suffered its second ransomware outbreak of the year, with Thomas Knudsen, the company's managing director, branding the latest attack as being "serious and regrettable." But was it preventable?

Business Continuity Management / Disaster Recovery

Ransomware Reminder: Paying Ransoms Doesn't Pay

Mathew J. Schwartz • May 14, 2020

Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.

COVID-19

Why Are We So Stupid About RDP Passwords?

Mathew J. Schwartz • May 7, 2020

In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Application Security

Digital Contact-Tracing Apps Must Win Hearts and Minds

Mathew J. Schwartz • May 6, 2020

Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?

Governance & Risk Management

Forget Whitelists and Blacklists: Go for 'Allow' or 'Deny'

Mathew J. Schwartz • May 5, 2020

Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?

Application Security

Digital Contact-Tracing Apps: Hype or Helpful?

Mathew J. Schwartz • May 4, 2020

Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.

Fraud Management & Cybercrime

Contactless Payments: Healthy COVID-19 Defense

Mathew J. Schwartz • April 21, 2020

In the age of COVID-19 - when staying as close to home as possible and trying to avoid touching anything in public that might spread coronavirus is the new normal - cash is out, and "contactless" payments are in, if you're lucky enough to be able to use them.

Endpoint Security

'5G Causes COVID-19' Conspiracy Theory: No Fix for Stupid

Mathew J. Schwartz • April 17, 2020

As countries pursue national 5G rollouts, an unwanted security challenge has intensified: Some extremists have been vandalizing or even firebombing transmitter masts, driven by conspiracy theories suggesting not only that 5G poses a public health risk, but that it also helps cause COVID-19.

3rd Party Risk Management

The Cybersecurity Follies: Zoom Edition

Mathew J. Schwartz • April 3, 2020

The stuck-at-home chronicles have fast become surreal, as remote workers face down a killer virus on the one hand and the flattening of their work and personal lives on the other. To help, many have rushed to adopt Zoom. And for many use cases - hint: not national security - it is a perfectly fine option.

Cybercrime

Russia's Cybercrime Rule Reminder: Never Hack Russians

Mathew J. Schwartz • March 27, 2020

Russian authorities typically turn a blind eye to cybercrime committed by citizens, provided they target foreigners. But as the recent "BuyBest" arrests of 25 individuals demonstrate, authorities do not tolerate criminals that target Russians, and especially not anyone who targets Russian banks.

Endpoint Security

Visual Journal: RSA 2020 Conference

Mathew J. Schwartz • March 12, 2020

The RSA cybersecurity conference once again this year gathered tens of thousands of individuals to network and attend keynotes and briefings on topics ranging from election security and genomics to privacy and cybercrime. Here are 20 visual highlights from this year's event.

Application Security

7 RSA Takeaways: 'Human Element' Meets COVID-19 Concerns

Mathew J. Schwartz • March 6, 2020

RSA 2020 touched on a number of topics, including the security of elections and supply chains, plus AI, zero trust and frameworks, among many others. But from sessions on cryptography, to this year's lower attendance, to the antibacterial dispensers dotted around venues, concerns over COVID-19 also dominated.