Latest

Breach Preparedness

Moody's Changes Equifax's Outlook to 'Negative'

Scott Ferguson  •  May 24, 2019

Moody's has changed its financial outlook for Equifax to "negative" from "stable," reflecting concerns about how the credit reporting giant is recovering from the 2017 data breach that exposed the personal information of 148 million Americans.

Data Loss

Instagram Bans Social Media Company After Data Exposure

Jeremy Kirk  •  May 24, 2019

Instagram has revoked the access of an Indian social media marketing company after personal details of some of its users ended up in an unprotected database online. Instagram says the number of affected users - first reported at 49 million - is inaccurate, and the exposed data from Instagram was already public.

Application Security

WannaCry Still Causing Tears 2 Years On

Nick Holland  •  May 24, 2019

The latest edition of the ISMG Security Report assesses the legacy of WannaCry ransomware two years on. Also featured: the evolving role of healthcare CISOs; threat mitigation recommendations based on the 2019 Verizon Data Breach Investigations Report.

Cybercrime

Assange Indicted in US Under Espionage Act

Scott Ferguson  •  May 23, 2019

A federal grand jury has indicted WikiLeaks founder Julian Assange on 18 counts under the U.S. Espionage Act for his role in publishing classified material, the Justice Department announced Thursday. He's currently serving a prison sentence in the U.K. and fighting extradition to the U.S.

Anti-Money Laundering (AML)

Bestmixer Cryptocurrency Laundering Site Shuttered

Scott Ferguson  •  May 23, 2019

European police have shuttered Bestmixer.io, considered one of the largest underground money laundering websites for cryptocurrencies used in connection with criminal activities, including ransomware attacks.

Application Security

Google Stored Unhashed G Suite Passwords for Years

Scott Ferguson  •  May 22, 2019

Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.

Anti-Malware

E-Commerce Skimming Attacks Evolve Into iFrame Injection

Jeremy Kirk  •  May 22, 2019

Criminal gangs have been hitting e-commerce sites hard lately by injecting their malicious code to "skim" customers' payment card details. In a recent twist, Malwarebytes spotted a malicious iFrame that steps in front of the normal payment process to intercept card details.

Cybercrime as-a-service

Verizon DBIR: C-Level Executives in the Crosshairs

Nick Holland  •  May 22, 2019

C-level executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches. This is among the key findings of the latest Verizon's Data Breach Investigations Report. Author John Grim shares insight.

Cyberwarfare / Nation-state attacks

Huawei Gets 90-Day Reprieve on Ban

Scott Ferguson  •  May 21, 2019

The U.S. Commerce Department will offer a 90-day reprieve to a handful of companies that conduct business with Huawei before the Trump administration's ban on the use of the Chinese company's technologies fully kicks in, the Wall Street Journal reports. Meanwhile, Google announces it will continue to work with Huawei.

►

Anti-Money Laundering (AML)

Whistleblower Everett Stern: 'Do the Right Thing'

Tom Field  •  May 20, 2019

It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

Cyberwarfare / Nation-state attacks

DHS Reportedly Warns of Chinese-Made Drones Stealing Data

Scott Ferguson  •  May 20, 2019

The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.

Application Security

Lack of Secure Coding Called a National Security Threat

Nick Holland  •  May 20, 2019

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.