Mission Health Says Patient Medical Data Was Not ExposedA North Carolina-based healthcare organization has reportedly discovered that malicious code had been contained on its e-commerce site for three years, sending consumers' payment information to unauthorized individuals.
Researchers Tie 'Operation Ghost' Activity to The Dukes, aka Cozy Bear and APT29While the Russian-linked hacking group known as The Dukes, Cozy Bear and APT29 in recent years appeared to have gone somewhat quiet, researchers from ESET report that the hackers have been targeting various European embassies and ministries as part of what the security firm dubs "Operation Ghost."
Cybercriminals Have Stolen About $40,000 So Far, Researchers SayESET researchers have uncovered a new cybercriminal scheme that uses a trojanized version of the Tor Browser for stealing bitcoins from darknet users. So far, the scam has netted about $40,000 in virtual currency so far, the security firm says.
Report Finds 550 Fraudulent Election Domains Connected to Presidential RaceAt least 550 fraudulent domains have been aimed at users who accidentally mistype the URL for a political candidate or election-related group, warn researchers at Digital Shadows. While many of these "typosquatting" domains appear to be relatively harmless, some could be more nefarious.
Researchers Link 'Operation Ghost' to The Dukes, aka Cozy Bear and APT29While the Russian-linked hacking group known as The Dukes, Cozy Bear and APT29 has been laying somewhat low over the last three years, researchers from ESET report that the hackers have been targeting various European embassies and ministries as part of what the security firm dubs "Operation Ghost."
Senate Bill Would Give Consumers Control of How Their Personal Data Gets UsedNew legislation introduced by Sen. Ron Wyden, D-Ore., would "bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs," he says. But can Congress agree on a privacy law?
Researchers Traces Bitcoins Paid to Ransomware-as-a-Service Operation AffiliatesSodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.
The latest edition of the ISMG Security Report discusses the shutdown of DeepDotWeb. Plus, dealing with breach fatigue and the Pitney Bowes ransomware attack.
Payment Card and Passport Data Are Most Sought-After Commodities, Report FindsThe prices for specific types of cybercriminal tools on darknet sites continue to rise, according to a recent analysis by security firm Flashpoint. Payment card and passport data remain the most sought-after commodities on these forums, research shows.
Scammers Made Over $110,000 in Five Month, Researchers SayScammers are using the notorious Phorpiex botnet as part of an ongoing "sextortion" scheme, according to Check Point researchers. At one point, the botnet was sending out over 30,000 spam emails an hour and the attackers made about $110,000 in five months, researchers say.
Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
With 18 Vendors on Board, Experts Assess New Group's Chances for SuccessEighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications. But some observers say getting all players to agree on a common platform will be challenging.
Malware Designed to Infect Devices of Cryptocurrency Exchange EmployeesSecurity researchers have found that a hacking group, which may have North Korean ties, recently created a phony company offering a cryptocurrency exchange platform as a step toward planting malware on the macOS devices of employees of cryptocurrency exchanges.
According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization talking with adversary infrastructure?
Using Docker Containers to Spread Worm Is a New, Untested Technique, Researchers SayAttackers are using Docker containers to spread a cryptojacking worm in a campaign dubbed "Graboid," according to researchers at Palo Alto Network's Unit 42 threat research unit. Although the researchers describe the campaign as "relatively inept," they says it has the potential to become much more dangerous.
GlobeImposter 2.0 and Sodinokibi Strikes Also Common, Researchers FindRansomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma .cezar, Phobos, GlobeImposter 2.0 and Sodinokibi. Less widely seen Ryuk also continues to generate big profits.
How can financial services institutions better protect employee passwords?One of the most common threat vectors plaguing financial services institutions is the employee password.
The threat and risk surface of internet of things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of Blackberry. Large code bases, which likely have many hidden software bugs, are part of the problem, he says.
Iranian-Backed Hacking Group Targeting Research Universities"Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S. and Europe in an attempt to steal intellectual property, according to the security firm Proofpoint.
Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.
In the wake of a federal appeals court ruling last year vacating a Federal Trade Commission enforcement action against LabMD, the FTC's data security consent orders are becoming far more detailed and rigorous, says former FTC attorney Julie O'Neill.
Mastercard, Visa, PayPal Defect From Facebook's Libra CryptocurrencyThe not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.
FireEye Says Financial Hacking Group Is Deploying New Dropper and PayloadDespite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.
'All Options' Under Consideration for Recovery, Mailing Equipment Giant Says
Pitney Bowes says it was infected by file-encrypting malware that has affected online accounts and mailing products but that client data doesn't appear at risk. The postage meter maker says "all options" are being considered for recovery, meaning the it could pay a ransom.
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.
Officials Attempt to Clarify Complex California Law's RequirementsGov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.
Imperva Says Key Was Stolen and Used to Take Critical Customer DatabaseCybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidently left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.
Chris Hallenbeck of Tanium Discusses Critical Risk Management StrategiesSignificant security events have many techniques in common, says Chris Hallenbeck of Tanium, who describes why security hygiene improvement, especially patch management, is so essential.
Prosecutors, Defense Attorneys Ask Judge for Delay, Citing Massive Amounts of Data to ReviewDefense and prosecution attorneys are asking for a delay in the trial of alleged Capital One hacker Paige A. Thompson, citing the overwhelming amount of digital evidence in the case and the ongoing forensics investigation. Prosecutors also expect to file additional charges.
Chris Hallenbeck of Tanium Discusses Good Security HygieneSignificant security events have many techniques in common, says Chris Hallenbeck of Tanium, who describes why security hygiene improvement, especially patch management, is so essential.
Prosecutors Say Suspect Stole IDs and Cloud Resources to Mine Virtual CurrenciesA Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.
New EU Report Sidesteps Concerns About Huawei's RoleNation-state attackers from outside the European Union pose the greatest threat to the continent's upcoming 5G networks, according to a new security assessment, which sidesteps the issue of Chinese firm Huawei's role in building these networks.
23 Million Victims Across US, UK, EU and Australia Receive Breach NotificationsPersonalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.
The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.
Learn from a former U.S. Cybercriminal on why social engineering is one of the most difficult to stop online crimes.As a fraud management leader, are you aware that social engineering is a widespread and increasingly common tactic used to takeover customer accounts? Learn more about why social engineering is one of the most dangerous and difficult to stop online crimes.
What is a "reasonable" response to a cyber incident? Following a recent roundtable dinner discussion of the topic, Jonathan Nguyen-Duy of Fortinet discusses getting cyber right.
Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent ThreatsOnline attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.
To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.
Senate Intel Committee Calls for Congress, White House and Social Media Firms to Take ActionTo counter efforts to interfere in the 2020 presidential election, the Senate Intelligence Committee recommends new security measures for social media companies, new legislation and creating an interagency task force.
Sesame Street Live Among Sites Hit by Card-Skimming Attacks, Researcher WarnsA security researcher has uncovered credit card skimming attacks targeting websites that use a cloud-based payment platform from Volusion. Among the victims: The Sesame Street Live online store.
Check Point Researcher Identifies Card Skimming Attacks on Sesame Street Live, Other SitesA security researcher has uncovered credit card skimming attacks targeting websites that use a cloud-based payment platform from Volusion. Among the victims: The Sesame Street Live online store.
As part of a multi-city tour, ISMG and Sonatype visited Atlanta recently for an engaging discussion on how to mitigate risks introduced by open source code. Here's a conversation with DevOps advocate Derek Weeks.
Senate Intel Committee Calls for Congress, White House and Social Media Firms to Take ActionTo counter efforts to interfere in the 2020 presidential election, the Senate Intelligence Committee recommends new security measures for social media companies, new legislation and creating an interagency task force.
When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.
Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA ProtectionsThe FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.
Not Just Patch or Perish, But Also Pay Attention, Security Experts Warn
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.
Phone Numbers Provided for Security Were Used for Targeted AdvertisingTwitter apologized on Tuesday for repurposing phone numbers provided by users for security features for use in targeted advertising, claiming the move was a mistake. Earlier, Facebook was reprimanded for a similar practice.
Amidst a multi-city tour, ISMG and Sonatype visited Boston for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses how the conversation highlights the offense vs. defense approaches to securing critical applications.
John Matthews of Extrahop on Avoiding Homogeneity in Security PlatformsHomogeneity in security platforms can be a problem, says John Matthews of Extrahop, who makes the case for avoiding implementing a "SOC in a box."
Johnathan Nicholson, Former Interac CISO, on How to Change the CultureHow can organizations overcome resistance to implementing DevSecOps? Johnathan Nicholson, former CISO at Interac, the Canadian interbank network, provides insights.
Jeffrey Edwards of Progress Software on Ensuring PrivacyFile transfers are a significant factor in accidental insider risk. Jeffrey Edwards of Progress Software explains how secure file transfers can help ensure privacy and play a role in regulatory compliance.
Michael Theis of CERT Insider Threat Center on Best PracticesThe battle against insider threats requires a balance of sanctions and incentives, says Michael Theis of the CERT Insider Threat Center.
Kevin Haley of Symantec Shares Key FindingsKevin Haley of Symantec shares key findings from the company's latest Internet Security Threat Report.
Join three industry practitioners to learn about the most pressing challenges of today.
Join three industry practitioners to learn about the most pressing challenges of today.
David Masson of Darktrace Discusses Countermeasures to Malicious AICriminals are weaponizing artificial intelligence and machine learning for cyberattacks. David Masson of Darktrace describes how to fight back at "machine speed."
Kimberly Sutherland of LexisNexis Risk Solutions on the Threat LandscapePayment fraud is a universal threat, but there are regional nuances. Kimberly Sutherland of LexisNexis Risk Solutions compares the threat landscapes in Canada and the United States.
Fatima Khan of Okta on Going Beyond GDPR ComplianceCompliance with the European Union's General Data Protection Regulation is no guarantee of compliance with other privacy regulations, says Fatima Khan of Okta, who discusses the challenges.
GitHub Projects Riddled With Flawed Stack Overflow Code, Researchers Find
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
Google Security Evangelist Mike Burr Describes Android Security MeasuresMike Burr of Google provides an overview of Android security efforts, including using artificial intelligence to scan Android apps.
Report Estimates Anticipated Expenses for California Consumer Privacy Act ComplianceThe California Consumer Privacy Act could cost companies in the state a total of $55 billion for initial compliance expenses, according to a new study prepared for the state attorney general's office. The landmark privacy legislation is slated to go into effect on Jan. 1, 2020.
Eric Bucher of Sequence Security on the Role of Machine LearningMalicious bot attacks are on the rise. Eric Bucher of Cequence Security describes the role machine learning can play in mitigating the threat.
Gord Jamieson of Visa Canada Offers an UpdateGord Jamieson of Visa Canada offers an update on fraud-fighting efforts by describing two new fraud schemes and Visa's countermeasures.
Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines. But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Don't Blame Us, Blame Hackers, Mobile Gaming Giant Says
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
European Banking Authority Should Act Quickly to Adopt Uniform Timeline for All EU Nations
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Auditor Reveals Lack of IT Policies Ensuring Employees' PCs Centrally Backed Up
The city of Baltimore's ransomware outbreak - $18 million in costs and counting - led to many crypto-locked files being lost forever, because no IT policy mandated centralized file backups. But effective IT solutions exist to help solve this challenge, provided they're deployed in advance of an attack.
US President Appears to Reference Conspiracy Theories
Why did U.S. President Donald Trump discuss cybersecurity firm CrowdStrike with the president of Ukraine, saying "the server, they say Ukraine has it"? Experts say Trump appears to be referring to one or more conspiracy theories, none of which have a basis in reality.
Researchers Discovered Geost Botnet After Attackers Made Operational Security MistakesA large-scale banking botnet has targeted approximately 800,000 Android devices belonging to Russian citizens since at least 2016, according to a new research report by a trio of cybersecurity researchers.
New Report Asserts That Using CVSS Scores Alone Is InadequateRather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
'Phosphorous' Hacking Group Attempted Attacks on 240 Email Accounts Over Two MonthsMicrosoft says that over the past two months, a hacking group apparently linked to Iran targeted email accounts associated with the campaign of one 2020 U.S. presidential candidate, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.
The FDIC has announced a series of steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Illinois affected by severe storms, straight-line winds, and tornadoes.
Five federal regulatory agencies encourage financial institutions to work with customers affected by the federal government shutdown.
The FFIEC on Oct. 7 issued a joint statement concerning Microsoft's discontinuation of support for its Windows XP operating system as of April 8, 2014.
The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities.
What's it like to serve in the dual roles of CISO and DPO? Gregory Dumont, who has both responsibilities at SBE Global, a provider of repair and after-sales service solutions to the electronics and telecommunication sectors, explains how the roles differ.
The latest edition of the ISMG Security Report analyzes concerns about the use of Huawei equipment by U.S. telecommunications firms. Also featured: A Huawei executive discusses 5G security, plus an update on an Australian ransomware attack.
Pulse Secure, Palo Alto and Fortinet Devices Being Hit by APT Groups, NCSC WarnsNation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.