Latest

On The Frontlines: Patch Management

 •  October 11, 2019

Significant security events have many techniques in common, says Chris Hallenbeck of Tanium, who describes why security hygiene improvement, especially patch management, is so essential.

Cybercrime

Capital One Hacking Trial Delay Likely

Scott Ferguson  •  October 11, 2019

Defense and prosecution attorneys are asking for a delay in the trial of alleged Capital One hacker Paige A. Thompson, citing the overwhelming amount of digital evidence in the case and the ongoing forensics investigation. Prosecutors also expect to file additional charges.

Breach Notification

Hacked Off: Lawsuit Alleges CafePress Used Poor Security

Mathew J. Schwartz  •  October 11, 2019

Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.

Account Takeover

Singapore Man Charged in Large-Scale Cryptomining Scheme

Apurva Venkat  •  October 11, 2019

A Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.

3rd Party Risk Management

Analysis: Twitter's Phone Number Repurposing 'Mistake'

Nick Holland  •  October 11, 2019

The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.

Business Email Compromise (BEC)

How Cybercriminals Continue to Innovate

Mathew J. Schwartz  •  October 10, 2019

Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.

Biometrics

Privacy: How Technology Is Outpacing Regulation

Suparna Goswami  •  October 10, 2019

To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.

Cybercrime

Volusion Payment Platform Sites Hit by Attackers

Scott Ferguson  •  October 9, 2019

A security researcher has uncovered credit card skimming attacks targeting websites that use a cloud-based payment platform from Volusion. Among the victims: The Sesame Street Live online store.

Incident & Breach Response

FBI: Cybercriminals Are Bypassing Multifactor Authentication

Akshaya Asokan  •  October 9, 2019

The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.

Cyberwarfare / Nation-State Attacks

Preventing Election Interference: New Recommendations

Apurva Venkat  •  October 9, 2019

To counter efforts to interfere in the 2020 presidential election, the Senate Intelligence Committee recommends new security measures for social media companies, new legislation and creating an interagency task force.

Fraud Management & Cybercrime

Twitter Apologizes for Repurposing Phone Numbers

Jeremy Kirk  •  October 9, 2019

Twitter apologized on Tuesday for repurposing phone numbers provided by users for security features for use in targeted advertising, claiming the move was a mistake. Earlier, Facebook was reprimanded for a similar practice.

Governance

NSA Is Latest Intelligence Agency to Sound VPN Patch Alarm

Mathew J. Schwartz  •  October 9, 2019

The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.