Huawei Gets 90-Day Reprieve on Ban

Scott Ferguson • May 21, 2019

The U.S. Commerce Department will offer a 90-day reprieve to a handful of companies that conduct business with Huawei before the Trump administration's ban on the use of the Chinese company's technologies fully kicks in, the Wall Street Journal reports. Meanwhile, Google announces it will continue to work with Huawei.

Data Loss

Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent

Latest

Anti-Malware

E-Commerce Skimming Attacks Evolve Into iFrame Injection

Jeremy Kirk • May 22, 2019

Criminal gangs have been hitting e-commerce sites hard lately by injecting their malicious code to "skim" customers' payment card details. In a recent twist, Malwarebytes spotted a malicious iFrame that steps in front of the normal payment process to intercept card details.

Anti-Malware

MuddyWater APT Group Upgrades Tactics to Avoid Detection

Scott Ferguson • May 21, 2019

MuddyWater, an advanced persistent threat group that has targeted organizations in the Middle East, has changed some of its tactics to better avoid detection as it continues to plant backdoors within targeted networks, according to new research from Cisco Talos.

Anti-Money Laundering (AML)

Whistleblower Everett Stern: 'Do the Right Thing'

Tom Field • May 20, 2019

It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

Cloud Access Security Brokers (CASB)

Phishing: Mitigating Risk, Minimizing Damage

Marianne Kolbasuk McGee • May 20, 2019

As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage.

Application Security

Salesforce Says Permissions Bungle Almost Fixed

Jeremy Kirk • May 20, 2019

Salesforce says it has nearly recovered from a botched database update that wiped out user permissions within its Pardot marketing management product on Friday. The error allowed Salesforce users access to previously restricted profiles.

Governance

Researchers: Aircraft Landing Systems Vulnerable

Jeremy Kirk • May 17, 2019

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.

Governance

WhatsApp's Spyware Problem

Nick Holland • May 17, 2019

The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.

Cyberwarfare / Nation-state attacks

Bill Would Help Congress Track Offensive 'Cyber Tool' Sales

Scott Ferguson • May 16, 2019

A House panel has approved a measure designed to make sure Congress is informed when U.S. companies sell offensive cyber technologies to other nations' governments. The measure was introduced after a U.S. firm sold technologies to the United Arab Emirates that were used to target activists and journalists.

Breach Preparedness

Trump Signs Executive Order That Could Ban Huawei

Jeremy Kirk • May 16, 2019

U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.

Cybercrime

Surge in JavaScript Sniffing Attacks Continues

Scott Ferguson • May 16, 2019

The magazine subscription page for Forbes magazine and two web service platforms were hit with separate skimming attacks this week, security researchers say. Attackers are increasingly using JavaScript sniffing to steal credit card and other personal data.

Breach Response

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Mathew J. Schwartz • May 16, 2019

European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.

Governance

To Prevent Another WannaCry, Microsoft Patches Old OSs

Jeremy Kirk • May 15, 2019

Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.