Latest

Anti-Malware

E-Commerce Skimming Attacks Evolve Into iFrame Injection

Jeremy Kirk  •  May 22, 2019

Criminal gangs have been hitting e-commerce sites hard lately by injecting their malicious code to "skim" customers' payment card details. In a recent twist, Malwarebytes spotted a malicious iFrame that steps in front of the normal payment process to intercept card details.

Data Loss

Database May Have Exposed Instagram Data for 49 Million

Jeremy Kirk  •  May 21, 2019

There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

Anti-Malware

MuddyWater APT Group Upgrades Tactics to Avoid Detection

Scott Ferguson  •  May 21, 2019

MuddyWater, an advanced persistent threat group that has targeted organizations in the Middle East, has changed some of its tactics to better avoid detection as it continues to plant backdoors within targeted networks, according to new research from Cisco Talos.

►

Anti-Money Laundering (AML)

Whistleblower Everett Stern: 'Do the Right Thing'

Tom Field  •  May 20, 2019

It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

Cloud Access Security Brokers (CASB)

Phishing: Mitigating Risk, Minimizing Damage

Marianne Kolbasuk McGee  •  May 20, 2019

As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage.

Application Security

Salesforce Says Permissions Bungle Almost Fixed

Jeremy Kirk  •  May 20, 2019

Salesforce says it has nearly recovered from a botched database update that wiped out user permissions within its Pardot marketing management product on Friday. The error allowed Salesforce users access to previously restricted profiles.

Governance

Researchers: Aircraft Landing Systems Vulnerable

Jeremy Kirk  •  May 17, 2019

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.

Governance

WhatsApp's Spyware Problem

Nick Holland  •  May 17, 2019

The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.

Cyberwarfare / Nation-state attacks

Bill Would Help Congress Track Offensive 'Cyber Tool' Sales

Scott Ferguson  •  May 16, 2019

A House panel has approved a measure designed to make sure Congress is informed when U.S. companies sell offensive cyber technologies to other nations' governments. The measure was introduced after a U.S. firm sold technologies to the United Arab Emirates that were used to target activists and journalists.

Breach Preparedness

Trump Signs Executive Order That Could Ban Huawei

Jeremy Kirk  •  May 16, 2019

U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.

Breach Response

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Mathew J. Schwartz  •  May 16, 2019

European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.

Governance

To Prevent Another WannaCry, Microsoft Patches Old OSs

Jeremy Kirk  •  May 15, 2019

Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.