Amazon CEO Jeff Bezos (Source: Steve Jurvetson via Wikimedia Commons/CC)

The Bezos Phone Hack: Narrative Framed by Loose Facts

Jeremy Kirk • January 24, 2020

It's a seductive story line: A chat app belonging to Saudi Arabia's Crown Prince is used to deliver malware to an American billionaire's phone. But a forensic investigation of Amazon CEO Jeff Bezos' phone raises more questions than it answers.

Cybercrime

Equifax Settles Mega-Breach Lawsuit for $1.38 Billion

Latest

Cyberwarfare / Nation-State Attacks

Analysis: New Details on the Hacking of Jeff Bezos' iPhone

Nick Holland • January 24, 2020

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.

Application Security

Microsoft Error Exposed 250 Million Elasticsearch Records

Jeremy Kirk • January 23, 2020

Microsoft accidentally internet-exposed for three weeks 250 million customer support records stored in five misconfigured Elasticsearch databases. While the company rapidly locked them down after being alerted, it's an embarrassing gaff for the technology giant, which has pledged to do better.

Cybercrime

FBI Warns: Beware of Spoofed Job Application Portals

Akshaya Asokan • January 23, 2020

The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants.

Cybercrime

Investigators: Saudis Hacked Amazon CEO Jeff Bezos' Phone

Mathew J. Schwartz • January 22, 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked via a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have concluded. While the Saudis deny involvement, the United Nations has called for an immediate investigation.

Encryption & Key Management

Report: Apple Scuttled Encryption Plans for iCloud Backups

Jeremy Kirk • January 22, 2020

Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson • January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Breach Notification

GDPR: $126 Million in Fines and Counting

Mathew J. Schwartz • January 21, 2020

Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.

Advanced SOC Operations / CSOC

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

Jeremy Kirk • January 21, 2020

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.

Artificial Intelligence & Machine Learning

Google CEO Backs EU's Proposed Facial Recognition Ban

Ishita Chigilli Palli • January 21, 2020

Alphabet and Google CEO Sundar Pichai is supporting an EU proposal for a temporary ban on the use facial recognition technology in public areas and is calling for government regulation of artificial intelligence.

Fraud Management & Cybercrime

Maryland Considers Criminalizing Ransomware Possession

Akshaya Asokan • January 21, 2020

Maryland lawmakers are considering a bill that would make possession of ransomware a crime punishable by up to 10 years in prison, similar to moves at least two other states have already made. But is such legislation effective?

Governance

Citrix Releases First Patches to Fix Severe Vulnerability

Scott Ferguson • January 20, 2020

Citrix has released the first of several patches that address a vulnerability in its Application Delivery Controller and Gateway products that was discovered by researchers in December. If left unpatched, the vulnerability is remotely exploitable and could allow access to applications and internal networks.

Application Security

Microsoft Warns of Zero-Day Internet Explorer Exploits

Mathew J. Schwartz • January 20, 2020

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.