Greece Will Send Russian Cybercrime Suspect to France

Mathew J. Schwartz • July 19, 2018

A Greek court has ruled that Russian national Alexander Vinnik will be sent to France to face cybercrime charges. The U.S. has accused Vinnik of laundering $4 billion in bitcoins via the BTC-e exchange, which it said also handled stolen Mt. Gox and Silk Road bitcoins.

Biometrics

RiskIQ: Ticketmaster Hackers Compromised Widely Used Tools

Latest

Blockchain Applications

Using Blockchain to Support a New Approach to ID Management

Nick Holland • July 18, 2018

Blockchain, the digital ledger used for cryptocurrency, can serve as an effective identity management platform, asserts Chris Boscolo, CEO of ZNO Labs, who describes an approach he calls "self-sovereign identity."

Data Breach

Telefónica Movistar Site Exposed Customer Billing Details

Jeremy Kirk • July 17, 2018

A Spanish consumer rights organization says telecommunications company Telefónica has fixed an elementary security error in its Movistar website that potentially exposed billing invoices for millions of customers. Telefónica says it hasn't detected fraudulent use of the data.

Breach Notification

Timehop Reveals Additional Data Compromised by Hacker

Jeremy Kirk • July 16, 2018

Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.

Authentication

Australian Airport Identity Card Issuer Breached

Jeremy Kirk • July 13, 2018

An Australian company that issues identity cards for access to airports has been notifying applicants and cardholders that their personal information may have been compromised, according to a news report. Australian federal police are investigating.

Breach Response

Analysis: California's Groundbreaking Privacy Law

Nick Holland • July 13, 2018

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.

Blockchain Applications

Cryptocurrency Exchange Developer Bancor Loses $23.5 Million

Jeremy Kirk • July 11, 2018

Attackers have stolen $23.5 million in cryptocurrency from Bancor, which is developing a decentralized exchange. The cause of the hack may have been a failure by Bancor to protect authentication keys that allowed for changes in its token smart contracts.

Cybercrime

Evolving Cyberattacks Against Banks

Nick Holland • July 11, 2018

A new kind of cyberattack that targeted financial institutions in Europe and Russia to steal nearly $100 million illustrates how threats are evolving, says Brian Hussey of Trustwave, who discusses mitigation steps.

Fraud

A Successful Strategy for Fighting Phishing

Nick Holland • July 11, 2018

The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group.

Breach Response

Timehop: Lack of Multifactor Login Controls Led to Breach

Jeremy Kirk • July 10, 2018

Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.

Fraud Management & Cybercrime

The Battle for Data Integrity

Tom Field • July 10, 2018

Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered? What could be the damage? Diana Kelley of Microsoft discusses the emerging topic of data integrity and how to preserve it.

Governance

Bringing Vendor Risk Management to the Midmarket

Nick Holland • July 9, 2018

A new initiative by the Cyber Readiness Institute aims to promote best cybersecurity and vendor risk management practices to smaller enterprises. RiskRecon founder and CEO Kelly White offers his perspective on converting standards to practices.

Legislation

Why California's New Privacy Law Is a 'Whole New Ballgame'

Marianne Kolbasuk McGee • July 9, 2018

While California already had some of the strictest and most varied privacy laws in the country, the new California Consumer Privacy Act of 2018 "is a whole new ballgame," says privacy attorney Kirk Nahra, who explains why.