7 Takeaways: Insider Breach at Twitter

Mathew J. Schwartz • November 15, 2019

Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.

Cyberwarfare / Nation-State Attacks

Microsoft Warns Users: Beware of Damaging BlueKeep Attacks

Latest

Fraud Management & Cybercrime

Roger Stone Found Guilty on All 7 Counts

Scott Ferguson • November 15, 2019

Roger J. Stone, Jr., a long-time associate of President Donald Trump, was found guilty Friday of lying to Congress, obstruction and witness tampering related to his efforts to feed the Trump campaign inside information about WikiLeaks in 2016. He'll be sentenced in February.

Anti-Phishing, DMARC

Phishing Campaigns Spoof Government Agencies: Report

Akshaya Asokan • November 15, 2019

A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S. Postal Service, in an effort to plant malware in victims' devices and networks via phishing campaigns, according to new research from Proofpoint.

Cybercrime

New JavaScript Skimmer Found on Ecommerce Sites

Scott Ferguson • November 15, 2019

Security researchers at Visa have uncovered a new type of JavaScript skimmer that has infected the online checkout pages for at least 17 ecommerce websites in an effort to steal payment card data. Dubbed "Pipka," this skimmer has new capabilities to avoid detection.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Account Takeover

DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency

Scott Ferguson • November 14, 2019

A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S. Justice Department announced Thursday.

Business Continuity Management / Disaster Recovery

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Akshaya Asokan • November 14, 2019

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

Device Identification

Why Medical Device Security Is So Challenging

Marianne Kolbasuk McGee • November 14, 2019

Bolstering medical device security is a top priority at Fort Worth, Texas-based Cook Children's Health Care System, says CIO Theresa Meadows, who's a leader of two cybersecurity advisory groups.

Endpoint Security

Report Calls for Enforcing Voting Machine Standards

Akshaya Asokan • November 13, 2019

A new report calls for the creation of a federal certification program that makes sure vendors that build election infrastructure - including voting machines - meet cybersecurity standards.

Fraud Management & Cybercrime

Multilayered Security Gets Personal

Tom Field • November 13, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Governance

'Devaluing' Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

Governance

Privacy Analysis: Google Accesses Patient Data on Millions

Marianne Kolbasuk McGee • November 13, 2019

A newly disclosed collaboration between Google and the massive Ascension healthcare system that the partners say is designed to improve patient care is raising serious privacy concerns. That's because the project involves Ascension sharing with Google data on millions of its patients - without their permission.

Governance

Google's Push Into Health Sector: Emerging Privacy Issues

Marianne Kolbasuk McGee • November 13, 2019

With Google aggressively expanding its push into the healthcare sector, critical privacy-related issues are emerging, says regulatory attorney Alisa Chestler, who offers an overview of key issues.