FBI to DDoS Victims: Please Come Forward

Mathew J. Schwartz • October 19, 2017

The FBI is asking all U.S. victims of DDoS attacks to please come forward. The bureau's plea for more information from cyberattack victims parallels similar requests made this week by British authorities speaking at ISMG's Fraud and Breach Prevention Summit in London.

Encryption

Equifax: 15.2 Million UK Records Exposed

Latest

Anti-Fraud

IRS Chief Defends Taxpayer Data Protection Efforts

Eric Chabrow • October 18, 2017

The Internal Revenue Service is pushing back at critics who contend the tax agency isn't doing enough to secure its information technology. Commissioner John Koskinen cites headway in preventing criminals from gaining access to tax filers' personally identifiable information.

Authentication

DHS Imposes Email Security Measures on Federal Agencies

Eric Chabrow • October 17, 2017

A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.

Anti-Malware

Profiling DHS Secretary-Designate Kirstjen Nielsen

Eric Chabrow • October 17, 2017

A look at President Donald Trump's pick for the Department of Homeland Security secretary, Kirstjen Nielsen, leads the latest edition of the ISMG Security Report. Also featured: Equifax's and TransUnion's problem with dubious code.

Breach Response

A Conversation With the Cyber Gang 'The Dark Overlord'

Eric Chabrow • October 13, 2017

A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.

Breach Notification

Hacker Steals Joint Strike Fighter Plans in Australia

Mathew J. Schwartz • October 12, 2017

A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.

Data Breach

Report: North Korean Hackers Stole War Plans

Mathew J. Schwartz • October 11, 2017

North Korea's leaders apparently blew a gasket over "The Interview," a comedy film that centered on an assassination plot against North Korea's leader. So how might the country have reacted to U.S.-South Korean "decapitation strike" plans reportedly stole last year by Pyongyang-affiliated hackers?

CISO

US InfoSec Employment Surpasses 100,000

Eric Chabrow • October 11, 2017

The number of information security analysts employed in the United States has topped 100,000 for the first time, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.

Compliance

How to Comply With New York's Cybersecurity Regulation

Mathew J. Schwartz • October 10, 2017

New York state's Department of Financial Services is enforcing minimum cybersecurity standards by which all banks and other financial services firms that it regulates must abide. Think of the new regulation "as a playbook or a guidepost," says cybersecurity attorney Paul Ferrillo.

Authentication

Social Security: Days Numbered as an Identifier?

Eric Chabrow • October 10, 2017

An analysis on finding a replacement for Social Security numbers as an identifier for individuals leads the latest edition of the ISMG Security Report. Also, assessing Kaspersky Lab's responsibility for the hack of an NSA contractor's computer.

Anti-Malware

Report: Malware-Wielding Hackers Hit Taiwanese Bank

Mathew J. Schwartz • October 9, 2017

Malware-wielding attackers reportedly hacked into a Taiwanese bank last week and transferred nearly $60 million via fraudulent SWIFT money-moving messages to accounts in Cambodia, Sri Lanka and the United States. Authorities say most of the stolen funds have been recovered.

Breach Notification

Following Disqus Breach, Expert Discloses More Old Breaches

Jeremy Kirk • October 9, 2017

The commenting platform Disqus is resetting passwords after discovering that its database was breached in 2012. The breach is one of several older breaches that have only now come to light, thanks to the stolen data having surfaced. But how many older breaches have yet to be discovered?

ATM Fraud

Hackers Practice Unauthorized ATM Endoscopy

Mathew J. Schwartz • October 9, 2017

Criminals in Mexico have added endoscopes to their ATM-attack toolkits, warns cash-machine manufacturer NCR. Pairing endoscopes with "black box" attacks can enable criminals to defeat sensors and instruct an ATM to dispense all of its cash.