'ShadowHammer' Spreads Across Online Gaming Supply Chain

Scott Ferguson • April 24, 2019

A sophisticated supply-chain attack dubbed Operation ShadowHammer is becoming more pervasive, with the group targeting online gamers, security researchers at Kaspersky Lab warn.

Application Security

'Sea Turtle' DNS Hijacking Group Conducts Espionage: Report

Latest

Cybersecurity

'Five Eyes' Intelligence Members to Detail Cyber Threats

Mathew J. Schwartz • April 24, 2019

For the first time, members of the secretive "Five Eyes" intelligence-sharing group will make a joint public appearance to discuss how they collaborate, sharing a stage in Glasgow, Scotland, during the CyberUK conference. The Five Eyes alliance comprises Australia, Canada, New Zealand, the U.K. and U.S.

Anti-Fraud

HSBC Whistleblower: Fraud Fight Still Has Long Way to Go

Nick Holland • April 24, 2019

Everett Stern, the whistleblower who called attention to HSBC's international money laundering activities, which ultimately resulted in a $1.9 billion fine, says the crackdown on financial fraud still has a long way to go. He'll be the keynoter at ISMG's Fraud and Breach Summit in Chicago on May 14.

ATM Fraud

'Silence' Cybercrime Gang Targets Banks in More Regions

Scott Ferguson • April 23, 2019

Known for targeting banks and ATMs in Russia and other Eastern European countries, the "Silence" gang apparently is now expanding into other regions, using a combination of custom malicious tools and "living-off-the-land" techniques, researchers report.

Anti-Fraud

The FBI's RAT: Blocking Fraudulent Wire Transfers

Jeremy Kirk • April 23, 2019

Fraud, e-hustles and social engineering attacks continues to proliferate, the FBI's latest report into the state of internet crime confirms. But over the past year, a new FBI tactic for quickly stopping fraudulent wire transfers has notched notable successes.

Data Breach

What Led to a $4.7 Million Breach Lawsuit Settlement?

Scott Ferguson • April 22, 2019

Washington State University has agreed to pay more than $4.7 million to settle a lawsuit stemming from the theft of a portable hard disk drive from a self-storage unit. The drive contained information - much of it unencrypted - on more than 1 million individuals.

Cybercrime

Leak Exposes OilRig APT Group's Tools

Scott Ferguson • April 19, 2019

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

Cybercrime

Not So 'Smart' - Child Tech Has Hackable Flaws

Mathew J. Schwartz • April 19, 2019

A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.

Business Continuity/Disaster Recovery

Today's Forecast: Cloudy With a Chance of Malware

Scott Ferguson • April 18, 2019

For about 90 minutes Thursday morning, the broadcast of The Weather Channel's signature early show, "AMHQ," was shut down by what the company called "a malicious software attack."

Anti-Malware

Researchers: Malware Can Be Hidden in Medical Images

Marianne Kolbasuk McGee • April 17, 2019

A "flaw" in the file format of the DICOM standard for communication of medical imaging information could be exploited to hide malware in MRI and CT scans alongside patient data, according to a new research report. But the developer of DICOM contends the feature isn't a flaw and any risks can be mitigated.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

DDoS

Ecuador Hit With 'Cyberattacks' After Assange's Arrest

Scott Ferguson • April 17, 2019

The government of Ecuador has been hit with millions of "cyberattacks" following its withdrawal of asylum protection for WikiLeaks founder Julian Assange and his arrest by British police last week, an Ecuadorian official says.

Data Breach

Wipro Detects Phishing Attack: Investigation in Progress

Suparna Goswami • April 16, 2019

Indian IT service firm Wipro on Tuesday said that it has detected abnormal activities on some of its employee accounts due to an advanced phishing campaign. An investigation is continuing, the company confirms.