The Pentagon, headquarters of the U.S. Department of Defense, in Arlington, Virginia (Photo: Touch of Light, via Flickr/CC)

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Mathew J. Schwartz • October 15, 2018

The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.

Cybercrime

Feds Indict 7 Russians for Hacking and Disinformation

Latest

RSA President on the Case for a Risk-Based Security Model

Geetha Nandikotkur • October 15, 2018

CISOs and other security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach, says Rohit Ghai, president of RSA. "Cybersecurity conversations are becoming business conversations rather than technology conversations."

Breach Response

Facebook Clarifies Extent of Data Breach

Howard Anderson • October 12, 2018

Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected.

Endpoint Security

Review Shows Glaring Flaws In Xiongmai IoT Devices

Jeremy Kirk • October 12, 2018

Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.

Business Continuity/Disaster Recovery

Safeguarding Critical Infrastructure From Cyberattacks

Nick Holland • October 12, 2018

The biggest challenge for any critical infrastructure facing potential cyberattacks is devising ways to maintain business continuity, says cybersecurity specialist Prashant Pillai, who calls for building resilience into network design. He'll be a speaker at ISMG's Security Summit: London, to be held Oct. 23.

An Assessment of Google's Data Leak

Nick Holland • October 12, 2018

An in-depth report on the exposure of personal details for 500,00 Google+ accounts leads the latest edition of the ISMG Security Report. Also featured: an update on mitigating the risk of business email compromises and tips for protecting critical infrastructure.

Governance

Network vs. Endpoint Security: Striking the Right Balance

Varun Haran • October 12, 2018

With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner.

Business Email Compromise (BEC)

Defending Against Business Email Compromise Attacks

Nick Holland • October 10, 2018

What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.

Cybercrime

Suspected NASA Hacker Busted After Boasting About Exploits

Mathew J. Schwartz • October 10, 2018

Memo to hackers: Boasting about your exploits on social media channels is a good way to get caught. Indeed, Italian police say they busted a suspected hacker after he bragged not only about defacing the NASA home page but also about being part of a group calling itself "Master Italian Hackers Team."

Cybercrime

Dutch and British Governments Slam Russia for Cyberattacks

Mathew J. Schwartz • October 5, 2018

The British and Dutch governments have issued a strong rebuke to the Russian government over an ongoing series of "Fancy Bear" hack attacks that they say were launched by Russia's military intelligence agency Russian Main Intelligence Directorate, aka the GRU.

Cyberwarfare / Nation-state attacks

Report: Chinese Spy Chip Backdoored US Defense, Tech Firms

Jeremy Kirk • October 5, 2018

Did the Chinese government pull off one of the most secretive hardware hacks of all time? That's what information security experts are pondering after a Bloomberg report described an espionage operation that purportedly planted a tiny spying chip on widely distributed server motherboards.

Cybercrime

Analysis: Facebook Breach's Impact

Nick Holland • October 5, 2018

The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections.

Cybercrime

North Korean Hackers Tied to $100 Million in SWIFT Fraud

Mathew J. Schwartz • October 4, 2018

A gang of North Korean government hackers, known as APT38, has stolen more than $100 million from banks in Asia and Africa via fraudulent SWIFT transfers, cybersecurity firm FireEye warns. Separately, the U.S. government says North Korea is also behind serious ATM malware cash-out attacks.