Recent DNS Hijacking Campaigns Trigger Government Action

Scott Ferguson • July 22, 2019

A recent spate of attacks targeting domain name system protocols and registrars, including several incidents that researchers believe have ties to nation-state espionage, is prompting the U.S. and U.K. governments to issues warnings and policy updates to improve security.

Cybercrime

Security Flaw Exposed Valid Airline Boarding Passes

Latest

Incident & Breach Response

Ex-NSA Contractor Harold Martin Hit With 9-Year Sentence

Akshaya Asokan • July 22, 2019

Former government contractor Harold Thomas Martin III has been sentenced to serve nine years in federal prison after he pleaded guilty to stealing and retaining classified and secret files and data from U.S. government agencies, including the National Security Agency and CIA.

Fraud Management & Cybercrime

Ireland Assessing Minors' Profiles on Instagram

Jeremy Kirk • July 22, 2019

Ireland's Data Protection Commission says it is "assessing" a report concerning minors who have business profiles on Instagram that may expose email addresses and phone numbers. As many as 5 million kids worldwide have business accounts, but often they have no discernible link to a real business.

Governance

2.3 Billion Files Exposed Online: The Root Causes

Marianne Kolbasuk McGee • July 22, 2019

Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide that contain personal information, including sensitive medical data, says Harrison Van Riper, a security researcher at Digital Shadows.

Business Email Compromise (BEC)

BEC Scams Cost U.S. Companies $300 Million Per Month: Study

Scott Ferguson • July 19, 2019

Business email compromise scams are surging, and they're costing U.S. companies a total of more than $300 million a month, according to a recently released analysis by the U.S. Treasury Department. The report pinpoints which sectors are hardest hit by this type of fraud.

Cybercrime

Phishing Attack Aimed at Stealing Payroll Deposits

Marianne Kolbasuk McGee • July 19, 2019

A Texas-based healthcare system says hackers unsuccessfully tried to divert employee payroll direct deposits through a phishing attack that also potentially exposed patient data. The incident illustrates how business processes can help avert theft.

Encryption & Key Management

Audit Finds More Security Vulnerabilities at IRS

Akshaya Asokan • July 19, 2019

The Internal Revenue Services' internal financial reporting systems and IT infrastructure have 14 new security vulnerabilities, along with a long list of previously unresolved deficiencies, according to a U.S. Government Accountability Office audit.

3rd Party Risk Management

Huawei Question Must Be Answered by New UK Prime Minister

Mathew J. Schwartz • July 19, 2019

A powerful parliamentary committee has called on Britain's new prime minister - be it Boris Johnson or Jeremy Hunt - to make a decision "as a matter of priority" about the extent to which telecommunications gear built by Huawei should be used in the nation's 5G network.

Phishing Scheme Targets Amex Cardholders

Akshaya Asokan • July 18, 2019

Researchers have uncovered a new type of phishing campaign that is targeting American Express card users. In these incidents, attackers are sending a hyperlink as part of a phony account update to access the victim's credentials and other account details, according to researchers at the security firm Cofense.

General Data Protection Regulation (GDPR)

Patient Record Snooping Incident Leads to GDPR Fine

Marianne Kolbasuk McGee • July 18, 2019

Authorities in the Netherlands recently levied a $516,000 fine under the General Data Protection Regulation against a hospital in the Hague in connection with a data breach involving "dozens" of staffers who snooped on the electronic medical records of a celebrity.

Cybercrime

Impact of AMCA Breach Continues to Grow

Marianne Kolbasuk McGee • July 18, 2019

The impact of the massive American Medical Collection Agency data breach continues to grow. At least two more laboratories have said their patients' data was potentially compromised by the breach. Meanwhile, court filings accuse AMCA of a lack of "cooperation and transparency" in the wake of the incident.

Active Defense & Deception

How Deception Technology Is Evolving

Nick Holland • July 17, 2019

Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company.

Fraud Management & Cybercrime

Insider Medicaid Fraud Case: 'An Important Reminder'

Marianne Kolbasuk McGee • July 16, 2019

The sentencing of a former worker at a substance abuse treatment provider in connection with a Medicaid fraud conspiracy "is an important reminder about the threats from insiders," one privacy attorney says.