Down and Out in Hacktivist Land

Mathew J. Schwartz • August 23, 2019

Where have all the hacktivists gone? While the likes of Anonymous, AntiSec and LulzSec became household names in the early 2010s, in the past three years the number of website hacks, defacements and information leaks tied to bona fide hacktivists has plummeted.

Cloud Access Security Brokers (CASB)

Prosecutors Allege Capital One Suspect Stole From Many Others

Latest

Anti-Money Laundering (AML)

80 Indicted for Scams, Including Business Email Compromises

Scott Ferguson • August 23, 2019

Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation.

Cyberwarfare / Nation-State Attacks

Chinese APT Groups Target Cancer Research Facilities: Report

Jeffrey Burt • August 23, 2019

Chinese advanced persistent threat groups are targeting cancer research organizations across the globe with the goal of stealing their work and using it to help the country address growing cancer rates among its population, according to researchers at cybersecurity company FireEye.

3rd Party Risk Management

Analysis: The Texas Ransomware Mess

Nick Holland • August 23, 2019

The latest edition of the ISMG Security Report analyzes the ransomware attack on Texas municipalities as part of a broader trend. Also featured: An initiative designed to safeguard the 2020 presidential elections and a CIO's third-party risk management efforts.

ATM Fraud

'Silence' Gang Ramps Up Bank Assaults

Jeffrey Burt • August 22, 2019

"Silence," a Russian-speaking criminal group that has stolen $4.2 million from ATMs and financial institutions since 2016, has become more active this year, using new tools and tactics in its attacks and expanding its reach globally, according to the security firm Group-IB.

3rd Party Risk Management

Cloud Security: Mess It Up and It's on You

Jeremy Kirk • August 22, 2019

The transition to cloud-based software and infrastructure has revolutionized development and services. It's also created a bevy of new security challenges. Jay Heiser of Gartner says if organizations don't get cloud security right, it's their own fault. Here's why.

Anti-Phishing, DMARC

Why Did Federal Agencies See Fewer Breaches in 2018?

Apurva Venkat • August 21, 2019

Federal government agencies experienced 12 percent fewer cyber incidents in 2018, when there were no "major" data breaches, according to a new White House report. But the report notes there's still plenty of risk mitigation work to be done.

Account Takeover

Fake VPN Website Delivers Banking Trojan

Akshaya Asokan • August 21, 2019

Researchers at the security firm Doctor Web have uncovered a fake website for a VPN provider that's designed to spread a Trojan that can steal credentials to bank accounts.

Governance

Is Apple's Top $1 Million Bug Bounty Too Much?

Jeremy Kirk • August 21, 2019

Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.

Biometrics

Use of Facial Recognition Stirs Controversy

Apurva Venkat • August 20, 2019

A developer's use of facial recognition technology to scan the faces of pedestrians in London has sparked concerns from residents, the mayor and Britain's privacy watchdog. Meanwhile, the use of the technology is raising privacy concerns worldwide and is even becoming an issue in the U.S. presidential race.

Cybercrime

Threat Intel for a Global Economy

Tom Field • August 20, 2019

The World Economic Forum recently identified "cyberattacks and data integrity concerns crippling large parts of the internet" as one of the top 10 global risks. Jaime Chanaga of NTT talks about the significance of that announcement and the concerns global security leaders face headed into 2020.

Endpoint Security

Medical Device Security: The Doctor's View

Tom Field • August 20, 2019

For years now, pediatrician Dale Nordenberg has been battling within the U.S. to ensure that medical device security is given proper attention and regulation. But it's a global concern, and his cause recently received a warm reception in Brazil.

Cyberwarfare / Nation-State Attacks

GAO: Army's New Cyber Units Understaffed and Underequipped

Apurva Venkat • August 19, 2019

To better prepare for cyberthreats posed by Russia and China, the U.S. Army has been building cyber and electronic warfare units. But a new report from the Government Accountability Office finds that these units are understaffed, underequipped and in need of better training.