One Simple Error Led to AlphaBay Admin's Downfall

Mathew J. Schwartz • July 21, 2017

Hollywood loves to portray hackers as wunderkinds with such exceptional cybercrime mojo that they can hack or crack anything. But as the AlphaBay takedown demonstrates, a simple mistake - reusing a Hotmail address - led to the administrator and site's arrest and downfall.

Cybersecurity

Trump Administration Restricts Kaspersky Lab Product Use

Latest

Anti-Malware

Mirai Malware Hacker Pleads Guilty in German Court

Mathew J. Schwartz • July 24, 2017

A British man named by authorities as "Daniel K." - aka "Spiderman" and "Peter Parker" - pleaded guilty in German court to infecting 1.25 million Deutsche Telekom routers with Mirai malware and causing more than $2 million in damage.

Business Continuity/Disaster Recovery

Nuance the Latest NotPetya Victim to Report Financial Impact

Marianne Kolbasuk McGee • July 21, 2017

Medical transcription software vendor Nuance is the latest company to acknowledge that it's still struggling to recover from the recent global NotPetya ransomware attacks and will see a dip in its financial performance as a result.

Vendor Management

Getting Value From Managed Security Services Providers

Jeremy Kirk • July 21, 2017

Organizations rely on a variety of outside firms to deliver security services. But how can they get the most value? Catherine Buhler, CISO of BlueScope Steel, shares how she challenges managed security services providers.

Cybersecurity

Police Seize World's Two Largest Darknet Marketplaces

Mathew J. Schwartz • July 20, 2017

The FBI and Europol announced that they've jointly shuttered the world's two biggest darknet marketplaces, AlphaBay and Hansa, which were responsible for more than 10 times the volume of sales as the notorious Silk Road marketplace.

Endpoint Security

IoT in the Enterprise: The Next Big Thing

Tom Field • July 20, 2017

Millions of connected devices already have been potentially compromised - inside and outside of the enterprise. Phil Marshall of Tolaga Research is concerned about when and how attackers will take advantage of these in the next big IoT strike.

Cybersecurity

FBI Blames Iranian Hackers for Stealing US Missile Tech

Mathew J. Schwartz • July 20, 2017

Two Iranian nationals remain at large after being charged by the U.S. Department of Justice with hacking into a Vermont-based engineering firm and stealing software used to develop projectiles, ranging from bullets to GPS-guided artillery shells and missiles.

Data Breach

Ricoh Australia Scrambles to Fix Document Leak

Jeremy Kirk • July 20, 2017

Ricoh's Australia office has notified banks, government agencies, universities and many large businesses about a curious data breach that, in some cases, exposed login credentials for its multifunction devices.

Endpoint Security

IoT Security Cameras Have a Major Security Flaw

Jeremy Kirk • July 19, 2017

An investigation into a single IP security camera has unfolded into yet another worrying finding in the land of the internet of things. Millions of IoT devices may have a remotely executable buffer overflow in an open-source code component, according to cybersecurity company Senrio.

Cybersecurity

State Department Official Who Backs Russian Cyber Engagement Leaving

Eric Chabrow • July 19, 2017

Christopher Painter, who has advocated for diplomatic engagement with cyber friends and foes alike, is leaving his post as coordinator of cyber issues at the State Department, a job he has held since early 2011.

Breach Preparedness

Report: Major Cloud Services Attack Could Cost $53 Billion

Jeremy Kirk • July 18, 2017

What trait does a global cyberattack and a hurricane share? Both could cost insurers - and victims - dearly. In a new report, Lloyd's of London estimates that a major cloud services attack could trigger $53 billion in losses and cleanup costs.

Encryption

Cybercrime Battle: Next Steps

Mathew J. Schwartz • July 18, 2017

Demands by politicians that people must be willing to surrender their privacy rights to help security services battle cybercrime are shorthand for governments having significantly underinvested in the required resources, says information security expert Brian Honan.

Anti-Malware

Shedding Light on the Darknet Marketplace

Eric Chabrow • July 18, 2017

A discussion on the latest happenings in the darknet marketplace leads the latest edition of the ISMG Security Report. Also, getting to the bottom of Russia's Democratic Party hack could be the ultimate goal of a lawsuit filed against the Donald Trump presidential campaign.