Amazon CEO Jeff Bezos (Source: Steve Jurvetson via Wikimedia Commons/CC)

The Bezos Phone Hack: Narrative Framed by Loose Facts

Jeremy Kirk • January 24, 2020

It's a seductive story line: A chat app belonging to Saudi Arabia's Crown Prince is used to deliver malware to an American billionaire's phone. But a forensic investigation of Amazon CEO Jeff Bezos' phone raises more questions than it answers.

Anti-Phishing, DMARC

Microsoft Warns of Zero-Day Internet Explorer Exploits

Latest

Cybercrime

Stolen Payment Card Trafficking Mastermind Pleads Guilty

Scott Ferguson • January 24, 2020

Aleksey Burkov, who was extradited from Israel to the U.S. in November, plead guilty this week to several federal charges related to his site "Cardplanet," which trafficked in stolen payment card data.

Cybercrime

Hackers Target European Energy Firm: Researchers

Scott Ferguson • January 24, 2020

Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future.

Endpoint Security

Vulnerabilities Found in Some GE Healthcare Devices

Marianne Kolbasuk McGee • January 24, 2020

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches.

Cyberwarfare / Nation-State Attacks

Analysis: New Details on the Hacking of Jeff Bezos' iPhone

Nick Holland • January 24, 2020

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.

Breach Notification

POS Vendor for Cannabis Dispensaries Exposed Data: Report

Marianne Kolbasuk McGee • January 23, 2020

A point-of-sale system vendor that serves U.S. medical and recreational cannabis dispensaries left an unprotected database containing sensitive information about three clients and 30,000 of their customers exposed to the internet, researchers say.

Cybercrime

Treasury Wants to Collect More Cyber Risk Details From Banks

Ishita Chigilli Palli • January 23, 2020

The U.S. Treasury Department is proposing to collect more information from banks and financial markets about the cybersecurity risks they face to help ensure the security of financial infrastructure.

Cybercrime

FBI Warns: Beware of Spoofed Job Application Portals

Akshaya Asokan • January 23, 2020

The FBI's Internet Crime Complaint Center has issued an alert warning that fraudsters are using spoofed job application portals and websites to steal personal information, including payment card details, from would-be applicants.

Cybercrime

Investigators: Saudis Hacked Amazon CEO Jeff Bezos' Phone

Mathew J. Schwartz • January 22, 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked via a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have concluded. While the Saudis deny involvement, the United Nations has called for an immediate investigation.

Cyberwarfare / Nation-State Attacks

Documents Describe US Cyber Command's Campaign to Hack ISIS

Ishita Chigilli Palli • January 22, 2020

The U.S. Cyber Command's campaign to hack ISIS and disrupt its media operations faced some challenges, including a lack of data storage, but ultimately proved successful, according to government documents from 2016 that were made public Tuesday.

Cyberwarfare / Nation-State Attacks

BT and Vodafone Reportedly Want Huawei 5G Gear

Mathew J. Schwartz • January 22, 2020

Britain's two largest telecommunications firms - BT and Vodafone - plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout, warning that doing so could delay their rollouts, the Guardian reports.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson • January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Breach Notification

Federal Breach Tally: 2020 Trends So Far

Marianne Kolbasuk McGee • January 21, 2020

Three weeks into the new year, several hacking incidents involving email have already been added to the federal tally of major health data breaches. How should organizations stay one step ahead?