Latest

Identity & Access Management

MassMutual Taps Into the Power of Data Science

Tom Field  •  August 14, 2020

Ariel Weintraub joined MassMutual last fall to focus on putting data science to work to help improve the insurance company's security operations and identity and access management programs. What are the early use cases and lessons learned?

Business Continuity Management / Disaster Recovery

Analysis: Did Barclays Go Too Far in Monitoring Employees?

Anna Delaney  •  August 14, 2020

The latest edition of the ISMG Security Report analyzes why Barclays is being investigated for allegedly spying on its employees. Also featured: How the pandemic is affecting CISOs; an FBI assessment of nation-state threats to U.S. election.

Breach Notification

Health Data Breach Tally Surges

Marianne Kolbasuk McGee  •  August 13, 2020

Why has the tally of major health data breaches - and the number of individuals affected - spiked in recent weeks? Here's an analysis of the latest trends.

Anti-Phishing, DMARC

SANS Institute Sees Its Breach as Teachable Moment

Chinmay Rautmare  •  August 13, 2020

The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership.

►

Business Email Compromise (BEC)

Thwarting BEC Scams That Target Privileged Users

Geetha Nandikotkur  •  August 13, 2020

To help mitigate the risks posed by business email compromise scams that target privileged users, enterprises need to create a detailed enterprise risk management plan that spells out procedures to secure accounts, says Espen Otterstad, CISO at Norwegian telematics company ABAX AS.

Application Security

More Microsoft Zero-Day Flaws Being Exploited

Prajeet Nair  •  August 12, 2020

Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.

Cyberwarfare / Nation-State Attacks

VP Pick Kamala Harris Has Supported Election Security Bills

Scott Ferguson  •  August 12, 2020

Sen. Kamala Harris of California, presumptive Democratic presidential nominee Joe Biden's pick for his vice presidential running mate, has a track record of interest in election security issues. But so far, none of her sponsored measures have won Congressional approval.

Cybercrime

Maze Reportedly Posts Exfiltrated Canon USA Data

Doug Olenick  •  August 12, 2020

The Maze ransomware group has posted on its darknet website some data it claims it stole during a recent attack against Canon USA, according to the security firm Emsisoft.

Governance & Risk Management

Unsecured Database Exposed on Web - Then Deleted

Marianne Kolbasuk McGee  •  August 12, 2020

While the exposure of insecure databases on the internet is relatively common, a recent incident featured an unusual twist - the data was mysteriously deleted.

Business Email Compromise (BEC)

Beware: AgentTesla Infostealer Now More Powerful

Akshaya Asokan  •  August 12, 2020

The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.

Endpoint Security

The Risks Posed by Wireless Automotive Dongles

Jeremy Kirk  •  August 12, 2020

New research has uncovered widespread vulnerabilities in wireless dongles that plug into a vehicle's OBD-II port. The inexpensive IoT devices have put new power into the hands of consumers to monitor their vehicles or check fault codes, but they could also open up new vectors for attacks.

Business Email Compromise (BEC)

BEC Scam Costs Trading Firm Virtu Financial $6.9 Million

Doug Olenick  •  August 11, 2020

High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.