(Photo: KNFind via Pixabay)

New York Court Shuts Down Crypto Platform 'Coinseed'

Dan Gunderman • September 15, 2021

New York officials won a court order shuttering cryptocurrency trading platform Coinseed, after it allegedly defrauded thousands of investors out of millions of dollars, according to State Attorney General Letitia James. The court also awarded a $3 million judgment against Coinseed and its CEO.

Blockchain & Cryptocurrency

White House Pushing Federal Agencies Toward 'Zero Trust'

Latest

CISO Trainings

Profiles in Leadership: Tim Nedyalkov, Commonwealth Bank

Jeremy Kirk • September 16, 2021

Cloud-based services are affecting governance, risk management and compliance practices in Australia, says Tim Nedyalkov, who is a technology information security officer with Commonwealth Bank. He discusses the differences between how managers and practitioners approach the problems.

Business Continuity Management / Disaster Recovery

House Committees Seek to Spend Millions on Cybersecurity

Scott Ferguson • September 15, 2021

A pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into CISA and the FTC, as part of the debate over the Biden administration's $3.5 trillion budget proposal for 2022. Part of the money would help fulfill Biden's executive order.

Access Management

Microsoft Fully Ditches the Password

Doug Olenick • September 15, 2021

Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Critical Infrastructure Security

Russia Has Taken No Action to Combat Ransomware, FBI Says

Mathew J. Schwartz • September 15, 2021

Senior U.S. officials say that there have been no signs that Moscow has begun to crack down on ransomware-wielding criminals operating from inside Russia's borders. President Biden has called on Russia to act responsibly, and U.S. intelligence has been sharing information on top suspects.

Access Management

Travis CI Flaw Exposed Secrets From Public Repositories

Jeremy Kirk • September 15, 2021

Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.

3rd Party Risk Management

Top Initial Attack Vectors: Passwords, Bugs, Trickery

Mathew J. Schwartz • September 14, 2021

The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.

Application Security

Apple Patched iMessage. But Can It Be Made Safer Overall?

Jeremy Kirk • September 14, 2021

Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists. But a few changes to iMessage could make it safer overall for individuals at high risk of surveillance, says an Apple security expert.

3rd Party Risk Management

20 Years After 9/11: How US Cybersecurity Landscape Evolved

Doug Olenick • September 10, 2021

In the 20 years since the Sept. 11, 2001, al Qaida terrorist attacks on targets in the U.S., the need to shore up critical infrastructure and build resilience into systems remains a priority. But over the past two decades, concerns about physical threats have been displaced by cyber concerns.

Blockchain & Cryptocurrency

ISMG Editors' Panel: Ransomware Affiliates Seek New Gangs

Anna Delaney • September 10, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.

Cybercrime

United Nations Says Attackers Breached Its Systems

Jeremy Kirk • September 10, 2021

The United Nations says its networks were accessed by attackers earlier this year, leading to follow-on intrusions. One cybercrime analyst reports that he'd alerted NATO after seeing access credentials for one of its enterprise resource planning software systems for sale via the cybercrime underground.

Critical Infrastructure Security

Ransomware: Hot or Not? Here's Attackers' Ideal Target

Anna Delaney • September 10, 2021

The latest edition of the ISMG Security Report features an analysis of the most sought-after type of victim for ransomware-wielding attackers. Also featured: fighting extortion schemes and stress management tips.

Breach Notification

Ransomware Stopper: Mandatory Ransom Payment Disclosure

Mathew J. Schwartz • September 10, 2021

"Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police. But some ransomware-battling experts have been advocating the opposite, including mandatory reporting of all ransom payments.