Latest

Cybercrime

Insider Trading: SEC Describes $4.1 Million Hacking Scheme

Mathew J. Schwartz  •  January 16, 2019

The U.S. Securities and Exchange Commission has charged seven individuals and two organizations with being part of an international scheme that hacked the SEC's EDGAR document system, stole nonpublic corporate information and used it to illegally earn $4.1 million via insider trading.

Cybersecurity

Your Garage Opener Is More Secure Than Industrial Remotes

Jeremy Kirk  •  January 16, 2019

Radio controllers used in the construction, mining and shipping industries are vulnerable to hackers, Trend Micro says in a new report. To address the issue, researchers say, manufacturers need to move away from proprietary communication protocols and embrace secure standards, such as Bluetooth Low Energy.

Cybersecurity

Quantum Computing: Sizing Up the Risks to Security

Suparna Goswami  •  January 16, 2019

Within the next five to 10 years, quantum computing will get so powerful that it could be used to break encryption on the fly, predicts Steve Marshall, CISO at U.K.-based Bytes Software Services.

Governance

Hard-Coded Credentials Found in ID, Access Control Software

Jeremy Kirk  •  January 15, 2019

Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.

Cybercrime

Cybercrime Gangs Advertise Fresh Jobs, Hacking Services

Mathew J. Schwartz  •  January 14, 2019

Numerous cybercrime gangs continue to use darknet forums to seek fresh recruits, sell stolen data or advertise hacking services. One recent job listing from the data-leaking blackmail gang called The Dark Overlord sought technically proficient individuals who were fluent in Arabic, Chinese or German.

Cybercrime

UK Sentences Man for Mirai DDoS Attacks Against Liberia

Jeremy Kirk  •  January 14, 2019

A U.K. court has sentenced Daniel Kaye, 30, after he admitted launching DDoS attacks against Liberia's largest telecommunications company in 2015 and 2016. A rival internet services provider paid Kaye $100,000 to launch the attacks.

General Data Protection Regulation (GDPR)

'Right to Be Forgotten' Should Be EU-Only, Adviser Says

Mathew J. Schwartz  •  January 11, 2019

Europe's "right to be forgotten" should not apply worldwide, but only inside the EU, according to a nonbinding opinion issued to the European Court of Justice by one of its advocate generals regarding a case that arose from a dispute between France's data privacy watchdog and Google.

Breach Response

Card-Not-Present Fraud Costs Mount

Nick Holland  •  January 11, 2019

A Juniper Research analysis of why card-not-present fraud will continue to grow leads this week's edition of the ISMG Security Report. Also featured: Updates on a Neiman Marcus breach lawsuit settlement and a German hacking incident.

Breach Preparedness

Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught

Mathew J. Schwartz  •  January 10, 2019

Police in Germany say a 20-year-old student has confessed to stealing and leaking personal details from 1,000 German politicians, celebrities and journalists, allegedly after bragging about the crime. More advanced attackers rarely make so much noise.

Authentication

German Police Identify Suspect Behind Massive Data Leak

Mathew J. Schwartz  •  January 9, 2019

German police arrested a 20-year-old student - living at home with his parents - who they say confessed to leaking contact details and sensitive information for an estimated 1,000 German celebrities, journalists and politicians, including Chancellor Angela Merkel.

Active Defense & Deception

Visual Journal: Black Hat Europe 2018

Mathew J. Schwartz  •  January 9, 2019

The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of research proposals centered on deception technology.

Cybercrime

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Suparna Goswami  •  January 8, 2019

The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps. Experts offer insights on making the right moves.