After 2 Years, WannaCry Remains a Threat

Scott Ferguson • May 17, 2019

Two years after WannaCry tore a path of destruction through the world, the ransomware remains a danger, with many systems still vulnerable to the EternalBlue or EternalRomance exploits that started it all.

Cybercrime

IRS Gives Hacked Accounting Software Customers a Reprieve

Latest

Governance

Researchers: Aircraft Landing Systems Vulnerable

Jeremy Kirk • May 17, 2019

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.

Governance

WhatsApp's Spyware Problem

Nick Holland • May 17, 2019

The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.

Governance

Cybersecurity's Week From Hell

Mathew J. Schwartz • May 17, 2019

Multiple flaws - all serious, exploitable and some already being actively exploited - came to light this week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?

Cybercrime

Surge in JavaScript Sniffing Attacks Continues

Scott Ferguson • May 16, 2019

The magazine subscription page for Forbes magazine and two web service platforms were hit with separate skimming attacks this week, security researchers say. Attackers are increasingly using JavaScript sniffing to steal credit card and other personal data.

Breach Response

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Mathew J. Schwartz • May 16, 2019

European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.

Governance

To Prevent Another WannaCry, Microsoft Patches Old OSs

Jeremy Kirk • May 15, 2019

Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.

Cybercrime

Hack of Japanese Retailer Exposes 460,000 Customer Accounts

Scott Ferguson • May 15, 2019

Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.

Governance

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter

Jeremy Kirk • May 14, 2019

Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.

Anti-Malware

Ransomware Increasingly Hits State and Local Governments

Scott Ferguson • May 14, 2019

Over the past two years, the number of ransomware attacks against state and local government agencies has increased. But at the same time, these victims are paying less to attackers. A new analysis by threat intelligence firm Recorded Future asks: Why the discrepancy?

Authentication

Anthem Cyberattack Indictment Provides Defense Lessons

Marianne Kolbasuk McGee • May 13, 2019

The indictment of two Chinese men for a 2014 cyberattack on health insurer Anthem that compromised information on nearly 80 million individuals contains extensive details about the incident that security professionals can use to help with their breach prevention strategies.

Business Email Compromise (BEC)

Nigerian BEC Scammers Use Malware to Up the Ante

Scott Ferguson • May 13, 2019

A growing area of concern for security researchers is a new crop of business email compromise schemes originating from Nigeria, with scammers upping their game by using new malware. The biggest of the crime gangs is SilverTerrier, according to Palo Alto Network's Unit 42.

Cybercrime

Alleged SIM Swappers Charged Over Cryptocurrency Thefts

Jeremy Kirk • May 13, 2019

Nine men have been charged in connection with an alleged SIM card swapping scheme that led to the theft of $2.4 million in cryptocurrency, the U.S. Justice Department says. The scheme allegedly involved the bribing of employees of Verizon and AT&T.