Latest

Cybercrime

Data Exfiltrated From Alaskan Voter Registration Servers

Doug Olenick  •  December 4, 2020

Hackers exfiltrated voters' personally identifiable information from online voter registration servers in Alaska in September, and the information likely was used for voter intimidation and propaganda purposes, state officials say.

Fraud Management & Cybercrime

Defense Bill Would Restore White House Cybersecurity Post

Akshaya Asokan  •  December 4, 2020

A defense policy bill that Congress plans to vote on later this month now includes a provision that would restore the position of national cyber director at the White House, says Rep. Jim Langevin, D-R.I.

General Data Protection Regulation (GDPR)

Bad Cookies: Privacy Regulator Fines Supermarket Giant

Mathew J. Schwartz  •  December 4, 2020

France's privacy regulator has hit retail giant Carrefour with a $3.7 million fine for violating privacy laws, including GDPR. It's accused of failing to make privacy policies easy to understand, placing advertising cookies without consent and retaining customer data for unreasonable periods of time.

Cybercrime

Hacking Group Used Crypto Miners as Distraction Technique

Prajeet Nair  •  December 4, 2020

A hacking group recently deployed cryptocurrency miners within targeted victims' networks to distract security teams from their cyberespionage campaigns, Microsoft reports.

►

Governance & Risk Management

Balancing Security, Customer Service

Suparna Goswami  •  December 4, 2020

Organizations can enhance security while maintaining a good customer experience by leveraging data for authentication, says David Britton of Experian.

Application Security

Analysis: Apple iOS 'Zero-Click Exploit'

Anna Delaney  •  December 4, 2020

This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.

Cybercrime

Trickbot Now Uses a Bootkit to Attack Firmware

Doug Olenick  •  December 3, 2020

Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.

COVID-19

Phishing Campaign Targets COVID-19 'Cold Chain'

Marianne Kolbasuk McGee  •  December 3, 2020

CISA, citing a new report by IBM, is warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain. Many vaccines in development must be kept at low temperatures before being administered.

Endpoint Security

Researchers: 25 Countries Use 'Circles' Spyware

Akshaya Asokan  •  December 3, 2020

Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to The Citizen Lab, a research organization based at the University of Toronto.

Cybercrime

Nintendo Hacker's Sentence: 3 Years in Prison

Akshaya Asokan  •  December 3, 2020

A 21-year-old California man who pleaded guilty to repeatedly hacking gaming company Nintendo to steal confidential data has been sentenced to serve three years in federal prison, according to the U.S. Justice Department.

►

Fraud Management & Cybercrime

Why Did Instagram Leak Minors' Email Addresses Again?

Jeremy Kirk  •  December 3, 2020

Social media poses special risks for minors. Data scientist David Stier, who has discovered leaks of minors' personally identifiable information on Instagram, shares insights on how social media companies should better protect PII.

Cybercrime

Alert: APT Groups Targeting US Think Tanks

Doug Olenick  •  December 3, 2020

CISA and the FBI have issued a warning that advanced persistent threat groups are waging cyberespionage campaigns against U.S. think tanks, especially those working on international affairs or national security policy.