Researchers: Emotet Botnet Is Active Again

Apurva Venkat • September 17, 2019

Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S., U.K. and German targets starting on Monday.

Anti-Money Laundering (AML)

Email Servers: Exim Flaw Leaves Millions at Risk of Hacking

Latest

Artificial Intelligence & Machine Learning

Using Artificial Intelligence to Combat Card Fraud

Nick Holland • September 17, 2019

Artificial intelligence is playing an important role in the fight against payment card fraud, says Gord Jamieson, senior director of Canada risk services at Visa. He'll offer a keynote presentation on the latest fraud trends at Information Security Media Group's Cybersecurity Summit in Toronto Sept 24-25.

Breach Notification

Brokerage Firm Hit With $500,000 Data Breach Penalty

Apurva Venkat • September 16, 2019

The U.S. Commodity Futures Trading Commission has hit Philips Capital Inc., a Chicago-based brokerage firm, with a $500,000 penalty for security missteps before and after a 2018 data breach, which resulted in the theft of $1 million from client accounts.

Governance

Life After Snowden: US Still Lacks Whistleblowing Rules

Mathew J. Schwartz • September 16, 2019

Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.

Cybercrime

Credit Card Theft Ringleader Pleads Guilty

Scott Ferguson • September 13, 2019

One of the three Ukrainian men charged with leading the notorious Fin7 hacking group, which prosecutors say stole 15 million payment cards, has pleaded guilty to two federal charges.

Multi-factor & Risk-based Authentication

PSD2 Authentication Requirements: The Implementation Hurdles

Geetha Nandikotkur • September 13, 2019

Because banks, fintech firms, merchants and payments processors in the EU have struggled to meet the Sept. 14 deadline for compliance with the new PSD2 "strong customer authentication" requirements for electronic payments, it may take a while for European consumers to notice authentication changes.

Biometrics

Calif. May Ban Facial Recognition in Police Body Cameras

Apurva Venkat • September 13, 2019

Lawmakers in California have voted to ban the use of facial recognition technology within the body cameras that police wear. The measure now awaits the governor's signature.

Cybercrime

For Sale: Admin Access Credentials to Healthcare Systems

Marianne Kolbasuk McGee • September 13, 2019

Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.

Governance

Tips on Countering Insider Threat Risks

Jeremy Kirk • September 13, 2019

Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.

Account Takeover

Analysis: The Impact of Business Email Compromise Attacks

Nick Holland • September 13, 2019

This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends.

Electronic Healthcare Records

National Patient ID Debate Intensifies

Marianne Kolbasuk McGee • September 12, 2019

Some healthcare IT industry groups and large provider organizations are pushing the Senate to follow the House's lead and approve a measure to lift the 20-year ban on federal funding of the development or adoption of a unique national patient identifier. Why is this still such a hot privacy issue?

Cybercrime

Iranian Hacking Group Continues Targeting Universities

Scott Ferguson • September 12, 2019

"Cobalt Dickens," a threat group with suspected ties to Iran, is continuing its attempts to steal intellectual property from schools and universities, according to an analysis by SecureWorks. The group's work continues even though several alleged members have been indicted by the Justice Department.

Cybercrime

Australia to Update National Cybersecurity Strategy

Akshaya Asokan • September 12, 2019

The Australian government is looking to update its national cybersecurity strategy by 2020. In preparation, it's released a discussion paper that seeks input from citizens, the business community, academics and other stakeholders.