Police fire tear gas to disperse protesters near the central government headquarters in Hong Kong on Aug. 5. (Photo: Voice of America)

Facebook and Twitter Scuttle Hong Kong Disinformation

Mathew J. Schwartz • August 20, 2019

Facebook and Twitter have suspended a number of accounts and pages that they have tied to information operations being run by the Chinese government. Disinformation has targeted pro-democracy demonstrators in Hong Kong - likening them to cockroaches - while dismissing anti-Beijing sentiment as "fake news."

Business Email Compromise (BEC)

Apple Expands Bug Bounty; Raises Max Reward to $1 Million

Latest

Biometrics

Use of Facial Recognition Stirs Controversy

Apurva Venkat • August 20, 2019

A developer's use of facial recognition technology to scan the faces of pedestrians in London has sparked concerns from residents, the mayor and Britain's privacy watchdog. Meanwhile, the use of the technology is raising privacy concerns worldwide and is even becoming an issue in the U.S. presidential race.

Cybercrime

Threat Intel for a Global Economy

Tom Field • August 20, 2019

The World Economic Forum recently identified "cyberattacks and data integrity concerns crippling large parts of the internet" as one of the top 10 global risks. Jaime Chanaga of NTT Data talks about the significance of that announcement and the concerns global security leaders face headed into 2020.

Endpoint Security

Medical Device Security: The Doctor's View

Tom Field • August 20, 2019

For years now, pediatrician Dale Nordenberg has been battling within the U.S. to ensure that medical device security is given proper attention and regulation. But it's a global concern, and his cause recently received a warm reception in Brazil.

Cyberwarfare / Nation-State Attacks

GAO: Army's New Cyber Units Understaffed and Underequipped

Apurva Venkat • August 19, 2019

To better prepare for cyberthreats posed by Russia and China, the U.S. Army has been building cyber and electronic warfare units. But a new report from the Government Accountability Office finds that these units are understaffed, underequipped and in need of better training.

Identity & Access Management

Case Study: Improving ID and Access Management

Marianne Kolbasuk McGee • August 19, 2019

What are some of the moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.

Cybercrime

European Central Bank Closes a Website Following Hack

Scott Ferguson • August 16, 2019

The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan • August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Account Takeover

The Renaissance of Deception Technology

Nick Holland • August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.

Business Continuity Management / Disaster Recovery

Cleaning Up After Ransomware Attacks Isn't Easy

Marianne Kolbasuk McGee • August 15, 2019

The experiences of two healthcare organizations that are still recovering from recent ransomware attacks after they refused to pay a ransom illustrate the challenges these incidents pose long after the initial attack.

Biometrics

Biometric Security Vendor Exposes Fingerprints, Face Data

Jeremy Kirk • August 15, 2019

A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say. They found 23GB of data belonging to organizations that use Suprema's BioStar 2 system.

Cybercrime

Cloud Atlas Uses Polymorphic Techniques to Avoid Detection

Jeffrey Burt • August 15, 2019

The group behind the Cloud Atlas cyber espionage campaigns, which were first detected five years ago, is now deploying polymorphic techniques designed to avoid monitoring and detection, according to researchers at Kaspersky Lab.

Governance

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Akshaya Asokan • August 14, 2019

Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.