Latest

Cyberwarfare / Nation-State Attacks

6 Takeaways: Russian Spies Accused of Destructive Hacking

Mathew J. Schwartz  •  October 20, 2020

U.S. officials have accused the Russian government of behaving "maliciously or irresponsibly" by taking steps such as crashing Ukraine power grids in the dead of winter and causing more than $10 billion in damages via NotPetya malware. But why make the accusations now? And how might Moscow respond?

►

Cyberwarfare / Nation-State Attacks

Cybersecurity's Inconvenient Truth: The Nation-State Threat

Tom Field  •  October 20, 2020

Has the nation-state threat become like the weather - something everyone talks about, but no one can do anything about? It's time for a strategic change. A panel of experts offers a frank discussion of nation-state actors, their ongoing intrusions and what "taking off the gloves" might look like.

Cyberwarfare / Nation-State Attacks

6 Russians Indicted for Destructive NotPeyta Attacks

Scott Ferguson , Doug Olenick  •  October 19, 2020

The U.S. Justice Department unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking operations, including deploying destructive NotPetya malware - tied to more than $10 billion in damages - and attacking the 2018 Olympics.

Governance & Risk Management

Sensitive Voicemail Transcripts Exposed

Marianne Kolbasuk McGee  •  October 19, 2020

A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.

Cybercrime

'Active Threat' Warning: Patch Serious SharePoint Flaw Now

Mathew J. Schwartz  •  October 19, 2020

Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.

►

Big Data Security Analytics

Fighting Bank Fraud: The Critical Technologies

Suparna Goswami  •  October 19, 2020

To help prevent fraud, banks must leverage technologies such as behavioral analytics, device biometrics and one-time passcodes, says Nancy Guglielmo, senior vice president at the Bank Policy Institute.

Anti-Money Laundering (AML)

20 Arrested in Money-Laundering Crackdown

Prajeet Nair  •  October 16, 2020

A international law enforcement operation involving 16 countries has resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network, which helped launder cash and cryptocurrency for other cybercriminals.

General Data Protection Regulation (GDPR)

British Airways' GDPR Fine Dramatically Reduced

Doug Olenick  •  October 16, 2020

Britain's Information Commissioner's Office announced this week a dramatic reduction in its fine against British Airways for violating the EU's General Data Protection Regulation. The company will pay a $26 million fine instead of $238 million in a case tied to a 2018 breach.

Cybercrime as-a-service

Analysis: Ransomware Dominates the Cybercrime Landscape

Anna Delaney  •  October 16, 2020

The latest edition of the ISMG Security Report analyzes a new report that labels ransomware as the No. 1 cybercrime threat. Also featured: A former FBI agent offers an update on "disruptionware" attacks; how Tesla's autopilot is tricked by phantom images.

Fraud Management & Cybercrime

Ransomware: Would Banning Ransom Payments Mitigate Threat?

Mathew J. Schwartz  •  October 16, 2020

As ransomware continues to slam organizations, a lively debate has ensued about whether ransom payments should be banned in all cases. Attempting to ban ransom payments, however, likely would only make the problem worse.

Breach Notification

Barnes & Noble Investigates Hacking Incident

Doug Olenick  •  October 15, 2020

Books retailer Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers' information. To begin its mitigation efforts, the company shut down its systems, which meant its Nook e-book platform was offline.

Business Continuity Management / Disaster Recovery

Another Threat Group Joins Ransomware Extortion Racket

Chinmay Rautmare  •  October 15, 2020

A newly identified financially motivated threat group, dubbed "FIN11," is deploying Clop ransomware and exfiltrating data from its targets for extortion efforts, according to researchers at FireEye Mandiant.