Latest

Governance

'ShadowHammer' Spreads Across Online Gaming Supply Chain

Scott Ferguson  •  April 24, 2019

A sophisticated supply-chain attack dubbed Operation ShadowHammer is becoming more pervasive, with the group targeting online gamers, security researchers at Kaspersky Lab warn.

Cybersecurity

'Five Eyes' Intelligence Members to Detail Cyber Threats

Mathew J. Schwartz  •  April 24, 2019

For the first time, members of the secretive "Five Eyes" intelligence-sharing group will make a joint public appearance to discuss how they collaborate, sharing a stage in Glasgow, Scotland, during the CyberUK conference. The Five Eyes alliance comprises Australia, Canada, New Zealand, the U.K. and U.S.

Application Security

Facebook Marketplace Flaw Revealed Seller's Exact Location

Mathew J. Schwartz  •  April 23, 2019

Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.

Data Breach

What Led to a $4.7 Million Breach Lawsuit Settlement?

Scott Ferguson  •  April 22, 2019

Washington State University has agreed to pay more than $4.7 million to settle a lawsuit stemming from the theft of a portable hard disk drive from a self-storage unit. The drive contained information - much of it unencrypted - on more than 1 million individuals.

Cybercrime

Leak Exposes OilRig APT Group's Tools

Scott Ferguson  •  April 19, 2019

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

Cybercrime

Not So 'Smart' - Child Tech Has Hackable Flaws

Mathew J. Schwartz  •  April 19, 2019

A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz  •  April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

DDoS

Ecuador Hit With 'Cyberattacks' After Assange's Arrest

Scott Ferguson  •  April 17, 2019

The government of Ecuador has been hit with millions of "cyberattacks" following its withdrawal of asylum protection for WikiLeaks founder Julian Assange and his arrest by British police last week, an Ecuadorian official says.

Breach Response

Hackers Reportedly Post Data on Law Enforcement Officers

Scott Ferguson  •  April 15, 2019

Federal law enforcement authorities are investigating an apparent breach of three chapters of FBI National Academy Associates, a nonprofit training and education organization that's independent of the FBI. The breach may have exposed data on thousands of law enforcement officials.

Cybercrime

Silk Road 2.0 Operator Sentenced to Prison

Scott Ferguson  •  April 15, 2019

An unemployed British man has been sentenced to more than five years in prison for his role in operating the Silk Road 2.0 darknet site, which succeeded the original Silk Road website after the FBI closed it in 2013, U.K. authorities say.

Cybersecurity

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Jeremy Kirk  •  April 15, 2019

An Australian company that markets a smartwatch that lets parents monitor their children shut down its service on Monday after researchers revealed hackers could track a child's location, spoof the location, add themselves as a "parent" and view personally identifiable information associated with the account.

Anti-Malware

US CERT Warns of N. Korean 'Hoplight' Trojan

Scott Ferguson  •  April 12, 2019

U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea. The malware has the ability to disguise the network traffic it sends back to its originators, making it more difficult to track its movements.