Attackers using CryptoMix ransomware falsely claim that ransoms go toward paying ill children's medical treatments. (Source: Coveware)

Ransomware Claims to Fund Child Cancer Treatments

Mathew J. Schwartz • January 15, 2019

Ransomware attacks continue, with the city of Del Rio, Texas, saying its operations have been disrupted by crypto-locking malware. Meanwhile, CryptoMix ransomware urges victims to pay ransoms, claiming it will fund treatments for seriously ill children, while GandCrab gets distributed via malvertising attacks.

Cybercrime

Ransom Moves: The Dark Overlord Keeps Pressuring Victims

Latest

Cybersecurity

Your Garage Opener Is More Secure Than Industrial Remotes

Jeremy Kirk • January 16, 2019

Radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says. Manufacturers need to move away from proprietary communication protocols and embrace secure standards, such as Bluetooth Low Energy.

Governance

Hard-Coded Credentials Found in ID, Access Control Software

Jeremy Kirk • January 15, 2019

Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.

Cybercrime

UK Sentences Man for Mirai DDoS Attacks Against Liberia

Jeremy Kirk • January 14, 2019

A U.K. court has sentenced Daniel Kaye, 30, after he admitted launching DDoS attacks against Liberia's largest telecommunications company in 2015 and 2016. A rival internet services provider paid Kaye $100,000 to launch the attacks.

General Data Protection Regulation (GDPR)

'Right to Be Forgotten' Should Be EU-Only, Adviser Says

Mathew J. Schwartz • January 11, 2019

Europe's "right to be forgotten" should not apply worldwide, but only inside the EU, according to a nonbinding opinion issued to the European Court of Justice by one of its advocate generals regarding a case that arose from a dispute between France's data privacy watchdog and Google.

Authentication

A Fraud-Fighting Strategy for P2P Payments

Nick Holland • January 11, 2019

Customer lifecyle data management can play an important role in cracking down on fraud tied to the growth in real-time P2P payments, says David Barnhardt of the security firm GIACT.

Breach Response

Card-Not-Present Fraud Costs Mount

Nick Holland • January 11, 2019

A Juniper Research analysis of why card-not-present fraud will continue to grow leads this week's edition of the ISMG Security Report. Also featured: Updates on a Neiman Marcus breach lawsuit settlement and a German hacking incident.

Active Defense & Deception

Visual Journal: Black Hat Europe 2018

Mathew J. Schwartz • January 9, 2019

The recent Black Hat Europe conference in London touched on topics ranging from combating "deep fake" videos and information security career challenges to hands-on lock-picking tutorials and the dearth of research proposals centered on deception technology.

Cybercrime

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Suparna Goswami • January 8, 2019

The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps. Experts offer insights on making the right moves.

Breach Response

Marriott Mega-Breach: Victim Count Drops to 383 Million

Mathew J. Schwartz • January 7, 2019

Marriott International's digital forensic investigation now counts not 500 million but an "upper limit" of 383 million customers affected by the four-year mega-breach of its Starwood reservations system. The hotel giant now says the breach also exposed more than 5 million unencrypted passport numbers.

Anti-Fraud

Card-Not-Present Fraud Growth: No End in Sight?

Nick Holland • January 7, 2019

Card-not-present fraud will cost retailers worldwide $130 billion between 2018 and 2023, a new report from Juniper Research predicts. Steffen Sorrell, author of the study, explains the reasons behind this growth projection and describes what can be done to improve the fight against fraud.

Advanced SOC Operations / CSOC

Moving to a Next-Generation SOC: Critical Factors

Suparna Goswami • January 7, 2019

Organizations looking to migrate to a next-generation security operations center must first carefully assess any problems they are facing with current security technology, says Vikram Mehta, associate director of information security at MakeMyTrip, an India-based online ticketing portal.

Cybercrime

Hackers Leak Hundreds of German Politicians' Personal Data

Mathew J. Schwartz • January 4, 2019

Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and communications stolen and leaked online as part of what authorities are calling an attack on the country's democracy and institutions.