Maksim Yukabets, who has been charged with stealing more than $100 million using Dridex malware, with his Lamborghini. (Source: U.K. National Crime Agency)

Two Russians Indicted Over $100M Dridex Malware Thefts

Jeremy Kirk • December 6, 2019

Two Russian men have been charged with stealing more than $100 million from banks around the world using the notorious Dridex malware, according to an unsealed U.S. indictment that caps off a decade-long investigation led by American and British law enforcement agencies.

3rd Party Risk Management

Facebook Breach Victims Can Sue For 'Reasonable' Security

Latest

Cybercrime

Wiper Malware Targets Middle Eastern Energy Firms: Report

Akshaya Asokan • December 6, 2019

A new malware campaign suspected of being tied to Iran has been targeting companies in the energy and industrial sectors in the Middle East, according to a report from IBM X-Force.

Endpoint Security

Analysis: Smart TV Risks

Nick Holland • December 6, 2019

The latest edition of the ISMG Security Report offers an analysis of the FBI's security and privacy warnings about smart TVs. Also featured: discussions on the security of connected medical devices and strategies for fighting synthetic identity fraud.

Cybercrime

Skimming Campaign Leveraged Heroku Cloud Platform: Report

Akshaya Asokan • December 5, 2019

Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.

Governance

GOP Federal Privacy Bill Would Supersede CCPA

Suparna Goswami • December 5, 2019

After several moves by Democrats to introduce federal privacy legislation, Republican Senator Roger Wicker on Tuesday unveiled a draft consumer privacy bill, the United States Consumer Data Privacy Act of 2019, that would override various state laws on privacy, including the California Consumer Privacy Act.

Breach Notification

2 Phishing-Related Health Data Breaches Grow Even Bigger

Marianne Kolbasuk McGee • December 4, 2019

Investigations of two apparently unrelated phishing-related breaches that affected members of Presbyterian Health Plan have revealed the incidents had an even bigger and broader impact than originally thought. This underscores the challenges organizations can face when assessing the true impact of breaches.

Application Security

FaceApp Could Pose 'Counter-Intelligence Threat': FBI

Akshaya Asokan • December 4, 2019

The Federal Bureau of Investigation warns that the photo-editing app FaceApp and other applications developed in Russia could be a "potential counter-intelligence threat" to the U.S.

3rd Party Risk Management

A Tale of Two Breach Lawsuits

Marianne Kolbasuk McGee • December 3, 2019

Two vendors serving the healthcare sector have been targeted with breach-related lawsuits. Experts say the incidents at the center of these cases showcase the potential risks posed by vendors.

Cybercrime

New Malware Campaign Uses Trojanized 'Tetris' Game: Report

Akshaya Asokan • December 3, 2019

A new malware campaign uses a Trojanized version of the game Tetris to target healthcare and educational institutions for credential stealing, according to Blackberry Cylance. Analysts have observed evidence of the threat actors attempting to deliver ransomware with the 'PyXie' Trojan.

Governance

SAP Software Update Exposed New Zealand Firearms Register

Jeremy Kirk • December 3, 2019

German software giant SAP has apologized after a software update mistakenly assigned higher-level privileges to some users within New Zealand's firearms buy-back database, exposing personal details for gun owners. The system has been shut down by police.

3rd Party Risk Management

Sentara Hospitals' HIPAA Settlement: Why $2.2 Million?

Marianne Kolbasuk McGee • December 2, 2019

Federal regulators have slapped Norfolk, Va.-based Sentara Hospitals with a $2.2 million HIPAA settlement for improperly reporting a breach and lacking a business associate agreement.

Governance

TrueDialog Unsecure Database Exposes SMS Data: Report

Akshaya Asokan • December 2, 2019

Researchers uncovered an unsecured database belonging to TrueDialog, a business SMS texting solutions provider, which exposed data on millions, including text messages, names, addresses and other information, according to a report by VPNMentor researchers. The database has since been closed.

Application Security

Mixcloud Breach Affects 21 Million Accounts

Jeremy Kirk • December 2, 2019

Digital streaming platform Mixcloud says it's the victim of a data breach after an attacker shared personal data for registered users with several media outlets, including Vice and ZDNet. The data on 21 million users is for sale in an underground market.