Latest

Anti-Money Laundering (AML)

Leaked FinCEN Reports Reveal Sensitive Security Details

Doug Olenick  •  September 22, 2020

What will be the impact of the leak of investigatory documents from FinCEN - the U.S. Treasury Department's Financial Crimes Enforcement Network? For starters, experts warn that FinCEN reports may reveal sensitive information tied to banks and law enforcement agencies' investigatory tools and tactics.

Application Security

CISA Pushes Government Agencies to Patch 'Zerologon' Flaw

Jeremy Kirk  •  September 22, 2020

U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.

►

Fraud Management & Cybercrime

Why Companies Need a Whistleblower Policy

Suparna Goswami  •  September 22, 2020

Companies should have policies in place that encourage whistleblowers to call attention to fraud and ensure their jobs remain secure when they make revelations, says attorney Charles Middleton, a whistleblower advocate.

Cybercrime

Congress Questions NASA on Cybersecurity Efforts

Chinmay Rautmare  •  September 21, 2020

Foreign and domestic hacking activity targeting NASA continues to grow at a time when many staffers are working at home, space agency officials testified at a Friday Congressional hearing where they were questioned about risk mitigation efforts.

►

Artificial Intelligence & Machine Learning

A CISO's Tips on Implementing the 'Zero Trust' Model

Geetha Nandikotkur  •  September 18, 2020

An organization has successfully implemented a "zero trust" framework when it can achieve context-aware resolution of a risk, says Dr. Siva Sivasubramanian, CISO of SingTel Optus, an Australian telecommunications firm.

Cryptocurrency Fraud

Why Darknet Markets Persist

Mathew J. Schwartz  •  September 18, 2020

Empire is the latest darknet market to "exit scam," meaning administrators ran away with users' cryptocurrency, leaving the market to fail. Given the ongoing risk of exit scams, as well as police often targeting such markets, why do they persist?

Blockchain & Cryptocurrency

Researchers Find Mozi Botnet Continues to Grow

Prajeet Nair  •  September 18, 2020

Mozi, a relatively new peer-to-peer botnet, is now dominating global IoT network traffic, according to a new report from IBM's X-Force unit. The malware is being used to launch DDoS attacks as well as mine for cryptocurrency.

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney  •  September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Cyberwarfare / Nation-State Attacks

US Imposes Sanctions on Iranian APT Group

Doug Olenick  •  September 17, 2020

The U.S. Treasury Department on Thursday imposed sanctions on an Iranian advanced persistent threat group, 45 associated individuals and a front company the Iranian government allegedly used to run a years-long malware campaign that targeted Iranian dissidents, journalists and others.

Cybercrime

Analyzing the Role of Fraud Fusion Centers

Akshaya Asokan  •  September 17, 2020

Many financial institutions have deployed fraud fusion centers as a way to help mitigate risks. But as fraudsters revamp their techniques, banks need to revamp these centers to keep up, says Jeff Dant of BMO Financial Group, who will speak at ISMG's Virtual Cybersecurity and Fraud Summit: Toronto.

Business Continuity Management / Disaster Recovery

Ransomware Attack at Hospital Leads to Patient's Death

Marianne Kolbasuk McGee  •  September 17, 2020

A ransomware attack that reportedly was directed at a German university but shut down emergency services at an affiliated hospital likely contributed to the death of a patient who needed urgent treatment but instead had to be transported to another hospital, delaying care, according to a news report.

Cyberwarfare / Nation-State Attacks

2 Iranians Indicted for Lengthy Hacking Campaign

Akshaya Asokan  •  September 17, 2020

Two Iranian nationals have been charged with participating in a years-long hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East to steal "hundreds of terabytes" of data, according to the U.S. Department of Justice.