Latest

Cybercrime

Other Attackers Reuse Old Magecart Domains: Report

Jeffrey Burt  •  September 20, 2019

Decommissioned domains that were part of the pervasive Magecart web-skimming campaigns are being put to use by other cybercriminals who are re-activating them for other scams, including malvertising, according to researchers at RiskIQ.

Fraud Management & Cybercrime

Analysis: Fallout From the Snowden Memoir

Nick Holland  •  September 20, 2019

The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.

Cybercrime

Phony IRS Emails Promise Refund, But Deliver Botnet Instead

Apurva Venkat  •  September 19, 2019

A new phishing email campaign promises to deliver a tax refund, but instead helps spread a botnet called Amadey, according to researchers at the security firm Cofense.

Artificial Intelligence & Machine Learning

Adoption of AI Surveillance Technology Surges

Mathew J. Schwartz  •  September 18, 2019

Governments are rapidly adopting AI surveillance technology to advance political goals, according to a new report from the Carnegie Endowment for International Peace. While Chinese suppliers dominate, liberal democracies and authoritarian regimes alike are developing and procuring such technology.

Governance

Lumin PDF Leak Exposed Data on 24 Million Users

Jeremy Kirk  •  September 18, 2019

Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's sign of the dysfunction in the breach disclosure process.

Governance

Justice Department Sues Snowden Over Memoir

Scott Ferguson  •  September 18, 2019

The U.S. Justice Department has sued Edward Snowden over his new memoir, claiming that the former NSA contractor violated a nondisclosure agreement he signed when he worked for the government before becoming the world's best-known whistleblower. The suit seeks to collect all profits from the book.

Cybercrime

Researchers: Emotet Botnet Is Active Again

Apurva Venkat  •  September 17, 2019

Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S., U.K. and German targets starting on Monday.

Fraud Management & Cybercrime

Investigation Launched After Ecuadorian Records Exposed

Akshaya Asokan  •  September 17, 2019

An unsecured database owned by an Ecuadorian consulting company left over 20 million records on the South American country's citizens exposed to the internet, according to a report from two independent security researchers. An official investigation is underway.

Anti-Money Laundering (AML)

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Mathew J. Schwartz  •  September 17, 2019

The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year.

Artificial Intelligence & Machine Learning

Congress Hears Ideas for Battling ID Theft

Akshaya Asokan  •  September 16, 2019

As cybercriminals adopt new methods to steal and manipulate victims' identities, the U.S. financial services industry needs to rethink how to protect customers' information using emerging technologies, such as artificial intelligence, security experts testified at a recent U.S. House committee hearing.

Governance

Life After Snowden: US Still Lacks Whistleblowing Rules

Mathew J. Schwartz  •  September 16, 2019

Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.

Fraud Management & Cybercrime

Ransomware Gangs Practice Customer Relationship Management

Mathew J. Schwartz  •  September 13, 2019

Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high."