Latest

Breach Notification

GDPR: $126 Million in Fines and Counting

Mathew J. Schwartz  •  January 21, 2020

Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.

Advanced SOC Operations / CSOC

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

Jeremy Kirk  •  January 21, 2020

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.

Artificial Intelligence & Machine Learning

Google CEO Backs EU's Proposed Facial Recognition Ban

Ishita Chigilli Palli  •  January 21, 2020

Alphabet and Google CEO Sundar Pichai is supporting an EU proposal for a temporary ban on the use facial recognition technology in public areas and is calling for government regulation of artificial intelligence.

Fraud Management & Cybercrime

Maryland Considers Criminalizing Ransomware Possession

Akshaya Asokan  •  January 21, 2020

Maryland lawmakers are considering a bill that would make possession of ransomware a crime punishable by up to 10 years in prison, similar to moves at least two other states have already made. But is such legislation effective?

Governance

Citrix Releases First Patches to Fix Severe Vulnerability

Scott Ferguson  •  January 20, 2020

Citrix has released the first of several patches that address a vulnerability in its Application Delivery Controller and Gateway products that was discovered by researchers in December. If left unpatched, the vulnerability is remotely exploitable and could allow access to applications and internal networks.

Application Security

Microsoft Warns of Zero-Day Internet Explorer Exploits

Mathew J. Schwartz  •  January 20, 2020

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.

Cybercrime

Bill Would Create State Cybersecurity Leader Positions

Akshaya Asokan  •  January 20, 2020

A bipartisan group of U.S. senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government.

Active Defense & Deception

Sizing Up Today's Deception Technology

Nick Holland  •  January 20, 2020

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

Cybercrime

'WeLeakInfo' Website Shut Down

Scott Ferguson  •  January 17, 2020

Law enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.

Business Email Compromise (BEC)

BEC Fraudsters Targeting Financial Documents: Report

Scott Ferguson  •  January 17, 2020

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari.

Cyberwarfare / Nation-State Attacks

FBI Promises 'Timely' Election Breach Reports for Officials

Akshaya Asokan  •  January 17, 2020

The FBI has created a new policy to give "timely" breach notifications to state and local officials concerning election hacking and foreign interference. The updated guidelines look to correct some of the mistakes in the run-up to the 2016 presidential election.

Active Defense & Deception

Analysis: Huawei 5G Dilemma

Nick Holland  •  January 17, 2020

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.