Who's surprised Chinese military hackers allegedly hacked Equifax? For a foreign power that continues to attempt to amass personal information on its adversaries, targeting a business that gets rich by buying and selling Americans' personal data remains an obvious play.
Facebook scientists have proposed using "radioactive data" watermarks to identify when online images get used to train neural networks. The proposal appears to be aimed at the rise of big data startups, such as Clearview AI, that are scraping publicly available photographs to create facial recognition tools.
The cybersecurity outlook for 2020 and the new decade will be characterized by more advanced, targeted and coordinated attack vectors designed to exploit the cybersecurity skills shortage, along with congenitally poor security fundamentals and hygiene.
The notorious Joker's Stash cybercrime marketplace, which specializes in selling stolen payment card data, has a new listing for 1.3 million credit and debit cards, almost all of which appear to have been issued by Indian banks, reports threat intelligence firm Group-IB.
Cybercrime is surging thanks, in part, to the availability of inexpensive hacking tools and services. A recent look by security firm Armour at black market offerings finds stolen payment card data, RDP credentials, ransomware and DDoS services are widely available for sale.
"Silence," a Russian-speaking criminal group that has stolen $4.2 million from ATMs and financial institutions since 2016, has become more active this year, using new tools and tactics in its attacks and expanding its reach globally, according to the security firm Group-IB.
Given the massive impact of the Equifax data breach, is the recently announced proposed settlement fair? One consumer advocate calls the money to be paid out by the consumer reporting agency the equivalent of a "parking ticket." Here's an analysis of the settlement's terms.
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
Known for targeting banks and ATMs in Russia and other Eastern European countries, the "Silence" gang apparently is now expanding into other regions, using a combination of custom malicious tools and "living-off-the-land" techniques, researchers report.
Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
Tesco Bank has been hit with a £16.4 million ($21.3 million) fine by the U.K.'s Financial Conduct Authority for failing to prevent and more rapidly block thousands of fraudulent transactions that drained £2.3 million ($3 million) directly from customers' bank accounts.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
A cybercrime gang called "Silence," which appears to have just two members, has been tied to attacks that have so far stolen at least $800,000, in part via ATM jackpotting or "cash out" attacks, warns cybercrime investigation firm Group-IB.