Latest

Anti-Phishing, DMARC

Why Did Federal Agencies See Fewer Breaches in 2018?

Apurva Venkat  •  August 21, 2019

Federal government agencies experienced 12 percent fewer cyber incidents in 2018, when there were no "major" data breaches, according to a new White House report. But the report notes there's still plenty of risk mitigation work to be done.

Account Takeover

Fake VPN Website Delivers Banking Trojan

Akshaya Asokan  •  August 21, 2019

Researchers at the security firm Doctor Web have uncovered a fake website for a VPN provider that's designed to spread a Trojan that can steal credentials to bank accounts.

Business Continuity Management / Disaster Recovery

Texas Says 22 Local Government Agencies Hit by Ransomware

Mathew J. Schwartz  •  August 21, 2019

Ransomware-wielding attackers continue to target not just big businesses and large government agencies, but increasingly their smaller counterparts too. In Texas, officials say a campaign tied to a "single threat actor" infected 22 local government agencies on Friday.

Governance

Is Apple's Top $1 Million Bug Bounty Too Much?

Jeremy Kirk  •  August 21, 2019

Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.

Biometrics

Use of Facial Recognition Stirs Controversy

Apurva Venkat  •  August 20, 2019

A developer's use of facial recognition technology to scan the faces of pedestrians in London has sparked concerns from residents, the mayor and Britain's privacy watchdog. Meanwhile, the use of the technology is raising privacy concerns worldwide and is even becoming an issue in the U.S. presidential race.

Cyberwarfare / Nation-State Attacks

Facebook and Twitter Scuttle Hong Kong Disinformation

Mathew J. Schwartz  •  August 20, 2019

Facebook and Twitter have suspended a number of accounts and pages that they have tied to information operations being run by the Chinese government. Disinformation has targeted pro-democracy demonstrators in Hong Kong - likening them to cockroaches - while dismissing anti-Beijing sentiment as "fake news."

►

Cybercrime

Threat Intel for a Global Economy

Tom Field  •  August 20, 2019

The World Economic Forum recently identified "cyberattacks and data integrity concerns crippling large parts of the internet" as one of the top 10 global risks. Jaime Chanaga of NTT talks about the significance of that announcement and the concerns global security leaders face headed into 2020.

►

Endpoint Security

Medical Device Security: The Doctor's View

Tom Field  •  August 20, 2019

For years now, pediatrician Dale Nordenberg has been battling within the U.S. to ensure that medical device security is given proper attention and regulation. But it's a global concern, and his cause recently received a warm reception in Brazil.

Business Email Compromise (BEC)

FBI Arrests Nigerian Suspect in $11 Million BEC Scheme

Scott Ferguson  •  August 19, 2019

The FBI has arrested a Nigerian businessman for allegedly carrying out an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar.

Breach Notification

Texas Pummeled by Coordinated Ransomware Attack

Mathew J. Schwartz  •  August 19, 2019

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning. Security experts say attackers continue to pummel local governments, and illicit profits have been rising.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan  •  August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Cyberwarfare / Nation-State Attacks

US CyberDome Poised to Protect 2020 Elections

Tom Field  •  August 16, 2019

An A-list of cyber experts, including former Homeland Security Secretary Jeh Johnson, has put its weight behind U.S. CyberDome, a nonpartisan initiative to protect presidential campaigns against foreign influence. Matthew Barrett, a former NIST leader and co-founder of CyberDome, outlines how this group is gearing up.