'Silent Librarian' Revamps Phishing Campaign: Proofpoint

Apurva Venkat • October 16, 2019

"Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S. and Europe in an attempt to steal intellectual property, according to the security firm Proofpoint.

Business Continuity Management / Disaster Recovery

NSA Is Latest Intelligence Agency to Sound VPN Patch Alarm

Latest

Endpoint Security

IoT in Vehicles: The Trouble With Too Much Code

Jeremy Kirk • October 16, 2019

The threat and risk surface of internet-of-things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of Blackberry. Large code bases, which likely have many hidden software bugs, are part of the problem, he says.

Blockchain & Cryptocurrency

Libra Association Launched Amidst Defections, Congressional Scrutiny

Akshaya Asokan • October 15, 2019

The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.

Cybercrime

FIN7 Gang Returns With New Malicious Tools: Researchers

Apurva Venkat • October 15, 2019

Despite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.

Legislation & Litigation

How Has FTC Data Security Enforcement Changed?

Marianne Kolbasuk McGee • October 15, 2019

In the wake of a federal appeals court ruling last year vacating a Federal Trade Commission enforcement action against LabMD, the FTC's data security consent orders are becoming far more detailed and rigorous, says former FTC attorney Julie O'Neill.

Cybercrime

Stung by Takedowns, Criminals Tap Distributed Dark Markets

Mathew J. Schwartz • October 15, 2019

Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.

3rd Party Risk Management

Analysis: New ISO Privacy Standard

Suparna Goswami • October 15, 2019

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.

Governance

CCPA Amendments Signed; Draft Regulations Released

Scott Ferguson • October 14, 2019

Gov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.

Breach Notification

Hepatitis Patients' Data Exposed

Marianne Kolbasuk McGee • October 14, 2019

The Philadelphia Department of Public Health inadvertently exposed on its website the records of thousands of hepatitis patients, according to a local news report. The incident points to the need for better staff training, one expert says.

Cyberwarfare / Nation-State Attacks

Nation-State Hackers Greatest Threat to 5G Networks: Report

Apurva Venkat • October 11, 2019

Nation-state attackers from outside the European Union pose the greatest threat to the continent's upcoming 5G networks, according to a new security assessment, which sidesteps the issue of Chinese firm Huawei's role in building these networks.

Account Takeover

Singapore Man Charged in Large-Scale Cryptomining Scheme

Apurva Venkat • October 11, 2019

A Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.

3rd Party Risk Management

Analysis: Twitter's Phone Number Repurposing 'Mistake'

Nick Holland • October 11, 2019

The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.

Biometrics

Privacy: How Technology Is Outpacing Regulation

Suparna Goswami • October 10, 2019

To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.