Target Reaches $18.5 Million Breach Settlement with States

Mathew J. Schwartz • May 24, 2017

Target has reached a record settlement agreement with 47 states' attorneys general over its 2013 data breach. The breach resulted in hackers compromising 41 million customers' payment card details and contact details for more than 60 million customers being exposed.

Anti-Malware

Is WannaCry the First Nation-State Ransomware?

Latest

Breach Preparedness

How the Trump Budget Would Fund Cybersecurity

Eric Chabrow • May 24, 2017

The Donald Trump administration, in its fiscal 2018 budget, outlines steps it contends would strengthen the U.S. federal government's information systems, even as it would cut some cybersecurity spending at specific agencies.

Authentication

HSBC Experiences Voice Biometrics Telephone Banking Fail

Mathew J. Schwartz • May 23, 2017

Voice biometrics: Is it good enough to protect people's bank accounts? Also, the ISMG Security Report goes to Belfast, Northern Ireland, for this year's OWASP AppSec Europe conference, including a visit to the Titanic museum - hopefully not a metaphor for the discipline.

Big Data

Why Big Data, Machine Learning Are Critical to Security

Varun Haran • May 23, 2017

Big data and machine learning will play increasingly critical roles in improving information security, predicts Will Cappelli, a vice president of research at Gartner, who describes the reasons why.

Data Breach

After Outlasting Sweden, WikiLeaks Founder's Fate Murky

Jeremy Kirk • May 22, 2017

Sweden has ended a seven-year rape investigation against WikiLeaks founder Julian Assange. But it's far from the end of the legal troubles for the man whose spilling of secrets has shaped world politics.

Ransomware

Beyond Patch Management: Ransomware Mitigation Strategies

Marianne Kolbasuk McGee • May 19, 2017

Beyond improving their patch management practices, what else can organizations do to avoid falling victim to ransomware attacks such as WannaCry? Security expert Doug Copley offers advice.

ATM Fraud

Police Bust ATM Black Box Hacking Suspects

Mathew J. Schwartz • May 18, 2017

Police in Europe have arrested 17 suspects as part of an EU-wide investigation into ATM black box attacks, Europol says. These "jackpotting" or "cash-out" attacks use rogue hardware to trick ATMs into dispensing all of their cash on demand.

Legislation

'PATCH Act' Aims to Help Prevent Cyberattacks

Jeremy Kirk • May 18, 2017

New legislation calls for an overhaul of the federal government's software vulnerability disclosure policies following the ransomware outbreak that was fueled by the leak of a stolen National Security Agency cyberweapon.

Cloud Computing

Modernizing Government Technology Act Passes House

Eric Chabrow • May 18, 2017

The House of Representatives has passed the Modernizing Government Technology Act, which supporters contend could help improve the security of the government's information networks. "It will keep our digital infrastructure safe from cyberattacks while saving billions of dollars," says bill sponsor Rep. Will Hurd.

Endpoint Security

GAO Assesses IoT Vulnerabilities

Marianne Kolbasuk McGee • May 17, 2017

Internet of things devices are vulnerable to an array of potential cyberattacks, including zero-day exploits, distributed denial-of-service attacks and passive wiretapping, according to a new GAO report, which cites mitigation advice from experts.

Anti-Malware

Before WannaCry, Cryptocurrency Miners Exploited SMB Flaw

Mathew J. Schwartz • May 16, 2017

Weeks before the WannaCry outbreak, other attackers unleashed malware that targeted the same SMB flaw in Windows. But instead of installing ransomware, this campaign instead infected endpoints with Adylkuzz cryptocurrency mining software, security researchers say.

Anti-Malware

Assistant to the President Makes Bold Cybersecurity Declaration

Eric Chabrow • May 16, 2017

The words of Assistant to the President Thomas Bossert, who boldly pledges to outdo previous administrations on improving federal government cybersecurity, lead the latest edition of the ISMG Security Report. Also, Microsoft's exasperation with the NSA over WannaCry ransomware.

Ransomware

Disney Is the Latest Cyber Extortion Victim

Mathew J. Schwartz • May 16, 2017

Disney is reportedly being targeted by cyber-extortionist hackers who have threatened to release a stolen, prerelease copy of the movie studio's fifth "Pirates of the Caribbean" film unless they receive a ransom, payable in bitcoins.