Christina Hulka, executive director and COO, FIDO Alliance

Payments Rules Bring Customer Authentication to Forefront

Michael Novinson • January 27, 2023

Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka. This has spurred a push for clients to confirm what they're purchasing and how much they wish to spend.

Geo Focus: The United Kingdom

Profiles in Leadership: Matanda Doss

Latest

Blockchain & Cryptocurrency

Coinbase Fined 3.3 Million Euros by Dutch Central Bank

Rashmi Ramesh • January 27, 2023

The Dutch central bank fined Coinbase 3.3 million euros, saying the U.S. cryptocurrency exchange failed to comply with the national anti-money laundering statute. Since May 2020, Dutch law has required crypto companies operating in the Netherlands to register as money transmitters.

Fraud Management & Cybercrime

ISMG Editors: Why Are Ransomware Profits Dipping?

Anna Delaney • January 27, 2023

In the latest weekly update, four ISMG editors discuss why it pays off to have well-practiced incident response plans, whether Chat GPT is a blessing or a curse for penetration testers and bug bounty hunters, and how Microsoft has reason to be cheerful as security sales hit $20 billion.

Fraud Management & Cybercrime

Targets of Opportunity: How Ransomware Groups Find Victims

Mathew J. Schwartz • January 27, 2023

As ransomware continues to pummel numerous sectors, and lately especially the manufacturing industry, how does any given organization end up becoming a target or victim? Cybercrime watchers say the answer involves initial access brokers, botnets, targets of opportunity and, above all, profit.

Governance & Risk Management

ISACA Survey: Privacy in Practice 2023 Highlights

Anna Delaney • January 26, 2023

ISACA's recently published Privacy in Practice 2023 survey report shares new research related to the privacy workforce, privacy skills, privacy by design and the future of privacy. Expert Safia Kazi shares ways organizations can align privacy goals with business objectives.

Cloud Security

Microsoft 365 Cloud Service Outage Disrupts Users Worldwide

Mathew J. Schwartz • January 25, 2023

Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.

Cybercrime

North Korean Crypto Hackers Keep Nose to the Grindstone

Mihir Bagwe • January 25, 2023

A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 in December unleashed a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind."

Cybercrime

Malware Blurs Line Between Banking Trojan and Surveillance

Mihir Bagwe • January 23, 2023

Android malware highlighted by Dutch cybersecurity firm ThreatFabric shows the line between a banking Trojan and advanced spyware. The Trojan, dubbed Hook, can take a screenshot, simulate clicks and input swipe gesture commands. It can also take control of WhatsApp.

Blockchain & Cryptocurrency

Spanish Authorities Arrest 3 in Bitzlato Crackdown

Akshaya Asokan • January 23, 2023

Spanish authorities arrested three senior executives of the now-defunct cryptocurrency exchange platform Bitzlato, Europol announced. The crime coordination agency says about 46% of the assets exchanged through Bitzlato, worth roughly 1 billion euros, were linked to criminal activities.

Governance & Risk Management

David Derigiotis on the Complex World of Cyber Insurance

Steve King • January 23, 2023

In this episode of "Cybersecurity Unplugged," David Derigiotis of insurtech Embroker discusses the complex world of cyber liability insurance, including the collapse of crypto exchange FTX, recent breaches, and improvements in the cyber insurance industry.

Fraud Management & Cybercrime

Ransomware Profits Dip as Fewer Victims Pay Extortion

Mathew J. Schwartz • January 23, 2023

Bad news for ransomware groups: Experts find it's getting tougher to earn a crypto-locking payday at the expense of others. The bad guys can blame a move by law enforcement to better support victims, and more organizations having robust defenses in place, which makes them tougher to take down.

Cloud Security

Chinese Group Targeting Vulnerable Cloud Providers, Apps

Prajeet Nair • January 21, 2023

Cybersecurity researchers say a Chinese for-profit threat group tracked as 8220 Gang is targeting cloud providers and poorly secured applications with a custom-built crypto miner and IRC bot. The malware can slow system performance, drive up costs and expose systems to security risks.

Attack Surface Management

Fortinet VPN Flaw Shows Pitfalls of Security Appliances

Mihir Bagwe • January 20, 2023

Security appliances are targets for sophisticated threat actors who take advantage of devices' limited configuration and logging features, as well as their incompatibility with endpoint detection and response. Suspected Chinese hackers took advantage of a Fortinet zero-day to implant a backdoor.