Source: Symantec

Hackers Wield Commoditized Tools to Pop West African Banks

Mathew J. Schwartz • January 21, 2019

Banks in West Africa have been targeted by at least four hacking campaigns since mid-2017, with online attackers wielding commoditized attack tools and "living off the land" tactics to disguise their efforts, Symantec warns.

Anti-Malware

Government Shutdown: Experts Fear Deep Cybersecurity Impact

Latest

Data Loss

Report: Federal Trade Commission Weighs Facebook Fine

Jeremy Kirk • January 21, 2019

The U.S. Federal Trade Commission is close to concluding its investigation into Facebook over the Cambridge Analytica scandal, the Washington Post reports, noting that the social network may face a record-setting fine, exceeding the $22.5 million fine the FTC in 2012 slammed on Google.

Breach Preparedness

Ransomware: A Pervasive, Evolving Threat

Nick Holland • January 18, 2019

Leading the latest edition of the ISMG Security Report is an in-depth look at why ransomware remains a pervasive threat and how it's evolving. Also featured: updates on venture capital investments in cybersecurity and a study of vulnerabilities in industrial remotes.

Cybersecurity

Venture Capital Pours Into Cybersecurity

Nick Holland • January 18, 2019

Venture capitalists invested $5.3 billion in cybersecurity companies in 2018, about 20 percent more than in 2017 and twice as much as 2016, according to research from Strategic Cyber Ventures. What's ahead for 2019 and beyond?

Application Security

Airline Booking System Exposed Passenger Details

Jeremy Kirk • January 17, 2019

Airline booking system provider Amadeus - whose system is used by 500 airlines - is investigating a software vulnerability that exposed passenger name records, which is the bundle of personal and travel data that gets collected when booking a flight.

Cybersecurity

Your Garage Opener Is More Secure Than Industrial Remotes

Jeremy Kirk • January 16, 2019

Radio controllers used in the construction, mining and shipping industries are vulnerable to hackers, Trend Micro says in a new report. To address the issue, researchers say, manufacturers need to move away from proprietary communication protocols and embrace secure standards, such as Bluetooth Low Energy.

Cybersecurity

Quantum Computing: Sizing Up the Risks to Security

Suparna Goswami • January 16, 2019

Within the next five to 10 years, quantum computing will get so powerful that it could be used to break encryption on the fly, predicts Steve Marshall, CISO at U.K.-based Bytes Software Services.

Governance

Hard-Coded Credentials Found in ID, Access Control Software

Jeremy Kirk • January 15, 2019

Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.

Cybercrime

UK Sentences Man for Mirai DDoS Attacks Against Liberia

Jeremy Kirk • January 14, 2019

A U.K. court has sentenced Daniel Kaye, 30, after he admitted launching DDoS attacks against Liberia's largest telecommunications company in 2015 and 2016. A rival internet services provider paid Kaye $100,000 to launch the attacks.

General Data Protection Regulation (GDPR)

'Right to Be Forgotten' Should Be EU-Only, Adviser Says

Mathew J. Schwartz • January 11, 2019

Europe's "right to be forgotten" should not apply worldwide, but only inside the EU, according to a nonbinding opinion issued to the European Court of Justice by one of its advocate generals regarding a case that arose from a dispute between France's data privacy watchdog and Google.

Authentication

A Fraud-Fighting Strategy for P2P Payments

Nick Holland • January 11, 2019

Customer lifecyle data management can play an important role in cracking down on fraud tied to the growth in real-time P2P payments, says David Barnhardt of the security firm GIACT.

Breach Response

Card-Not-Present Fraud Costs Mount

Nick Holland • January 11, 2019

A Juniper Research analysis of why card-not-present fraud will continue to grow leads this week's edition of the ISMG Security Report. Also featured: Updates on a Neiman Marcus breach lawsuit settlement and a German hacking incident.

Audit

Neiman Marcus Settles Lawsuit Over Payment Card Breach

Jeremy Kirk • January 10, 2019

Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. The retailer will pay $1.5 million and must use encryption and tokenization to protect card data.