Cryptocurrency exchanges are seeing fraudsters submit doctored photos in an attempt to reset two-step verification on accounts. The ruse appears to have some degree of success, underscoring the difficulties around verifying identity on the internet.
Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.
The latest edition of the ISMG Security Report features a summary of alarming new findings about the ability of the U.S. to counter a nation-state malware attack. Plus, a discussion of "fusion centers" at banks and an update on the targeting of Webstresser subscribers.
Hundreds of suspected customers of Webstresser, a DDoS stresser/booter site that was disrupted last year, are being visited by law enforcement agents and may see jail time. The police message: Using darknet cybercrime services doesn't guarantee anonymity, even if you pay with bitcoin.
Without improved coordination, the U.S. government and private companies could be caught flat-footed if a nation-state hit the software supply chain with malware or a worm, according to a new report that echoes conclusions made over the last decade and calls for closer industry-government ties.
Banks need to work toward improving collaboration between their cybersecurity and fraud management departments to boost efforts to mitigate cyberthreats, say Scott Walters and Eric Reddel of the consultancy Booz Allen Hamilton.
A $3.1 million proposed settlement has been reached in a data breach class action lawsuit against Community Health Systems stemming from a 2014 cyberattack that affected 4.5 million individuals. Why are settlements in data breach cases still relatively rare?
A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. Such attacks involve unauthorized tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.
In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.
Fraud incidents and losses have remained steady or increased in the past year, according to ISMG's latest Faces of Fraud Survey. And the biggest fault of banking institutions' current anti-fraud controls: They rely too much on manual processes. Mike Lopez of survey sponsor Cyxtera Technologies analyzes the results and...
Ransomware victims who opted to pay for the promise of a decryption key forked over an average of $6,733 in the fourth quarter of 2018, according to ransomware incident response firm Coveware. It says strains such as SamSam and Ryuk, which demand higher-than-average ransoms, are increasingly common.
Bangladesh Bank, supported by the New York Fed, has filed a lawsuit in U.S. federal court to try to recover $81 million stolen via one of the biggest online bank heists in history. But the Philippine bank the lawsuit targets has dismissed the case as a "political stunt" designed to shift blame.
The notorious xDedic Marketplace Russian-language cybercrime forum and shop remains offline following an international police takedown. Security experts expect xDedic customers to shift to UAS, a rival darknet market that also specializes in stolen and hacked remote desktop protocol credentials.
The latest edition of the ISMG Security Report features an update on what U.S. intelligence chiefs told Congress this week about persistent nation-state cyberthreats, plus reports on evasion tactics used by cryptocurrency money launderers and what government CIOs have to say about security funding.
Apple's conflict with Facebook this week resulted in the most effective and quickest punishment the social network has ever received over a privacy issue. But should a multi-billion dollar tech company like Apple be picking up the slack for the digital privacy enforcement failures of governments?