(Photo: Alan Wu via Flickr/CC)

Cyberattack on a Major Bank Would Have Ripple Effect: Study

Ishita Palli • January 17, 2020

A cyberattack targeting one of the largest banks in the U.S. that stops the processing of payments likely would have a major ripple effect throughout the financial system, according to a new report from the Federal Reserve Bank of New York.

3rd Party Risk Management

Facebook's FTC Privacy Settlement Challenged in Court

Latest

Cybercrime

'WeLeakInfo' Website Shut Down

Scott Ferguson • January 17, 2020

Law enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.

Business Email Compromise (BEC)

BEC Fraudsters Targeting Financial Documents: Report

Scott Ferguson • January 17, 2020

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari.

Cyberwarfare / Nation-State Attacks

FBI Promises 'Timely' Election Breach Reports for Officials

Akshaya Asokan • January 17, 2020

The FBI has created a new policy to give "timely" breach notifications to state and local officials concerning election hacking and foreign interference. The updated guidelines look to correct some of the mistakes in the run-up to the 2016 presidential election.

Active Defense & Deception

Analysis: Huawei 5G Dilemma

Nick Holland • January 17, 2020

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.

Governance

Windows Vulnerability: Researchers Demonstrate Exploits

Scott Ferguson • January 16, 2020

A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.

Critical Infrastructure Security

Senators Field Legislation to Build Huawei 5G Alternatives

Mathew J. Schwartz • January 16, 2020

One gaping hole in the U.S. government's push to counter Chinese-built 5G telecommunications gear remains the lack of alternatives. But a bipartisan group of senators is seeking to create a $1 billion fund to create trusted, Western-built options.

Cyberwarfare / Nation-State Attacks

Congress Hears Warnings of Iranian Cyberthreats

Akshaya Asokan • January 16, 2020

Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told a House committee Wednesday. That's why federal agencies need to shore up their defenses.

Account Takeover

How Wireless Carriers Open the Door to SIM Swapping Attacks

Scott Ferguson • January 15, 2020

A new Princeton University research paper finds that five major U.S. prepaid wireless carriers are leaving their customers open to SIM swapping attacks. The main culprit is weak account authentication procedures that attackers can easily exploit.

Cybercrime

'Wartime' Security Mentality Revisited

Tom Field • January 15, 2020

Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?

Cybercrime

Report: Russian Hackers Targeted Ukrainian Gas Firm Burisma

Ishita Palli • January 14, 2020

Hackers with ties to the Russian government have targeted Ukrainian natural gas firm Burisma with phishing attacks designed to steal credentials, according to researchers at Area 1 Security. The company is at the center of the impeachment of President Donald Trump.

Encryption & Key Management

Attorney General Presses Apple to Unlock Shooter's iPhones

Akshaya Asokan • January 14, 2020

U.S. Attorney General William Barr is ratcheting up the pressure on Apple to unlock two iPhones belonging to a Saudi national who carried out a deadly shooting in December. The attorney general is labeling the shooting as an act of terrorism and says Apple is hampering a counterterrorism investigation.

Breach Notification

Baby's First Data Breach: App Exposes Baby Photos, Videos

Jeremy Kirk • January 14, 2020

A baby photo and video-sharing app called Peekaboo Moments is exposing sensitive logs through an exposed Elasticsearch database, a researcher has found. The data includes baby photos and videos, birthdates, location data and device information.