Latest

Cyberwarfare / Nation-State Attacks

GAO: Army's New Cyber Units Understaffed and Underequipped

Apurva Venkat  •  August 19, 2019

To better prepare for cyberthreats posed by Russia and China, the U.S. Army has been building cyber and electronic warfare units. But a new report from the Government Accountability Office finds that these units are understaffed, underequipped and in need of better training.

Identity & Access Management

Case Study: Improving ID and Access Management

Marianne Kolbasuk McGee  •  August 19, 2019

What are some of moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.

Cybercrime

European Central Bank Closes a Website Following Hack

Scott Ferguson  •  August 16, 2019

The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan  •  August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Account Takeover

The Renaissance of Deception Technology

Nick Holland  •  August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.

Breach Notification

A Summer of Data Breach Discontent

Marianne Kolbasuk McGee  •  August 16, 2019

When we look at many of the biggest healthcare data breaches reported so far this summer, two big culprits pop out: ransomware attacks and vendor mishaps. What other trends will emerge?

Active Defense & Deception

Making the Most of an Investment in Deception Technology

Jeremy Kirk  •  August 15, 2019

Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.

Cybercrime

Cloud Atlas Uses Polymorphic Techniques to Avoid Detection

Jeffrey Burt  •  August 15, 2019

The group behind the Cloud Atlas cyber espionage campaigns, which were first detected five years ago, is now deploying polymorphic techniques designed to avoid monitoring and detection, according to researchers at Kaspersky Lab.

Governance

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Akshaya Asokan  •  August 14, 2019

Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.

Cybercrime

AMCA Breach Victim Count Continues to Grow

Marianne Kolbasuk McGee  •  August 14, 2019

The American Medical Collection Agency breach continues to grow messier, with more companies being added to the victim count. Here's the very latest tally.

Endpoint Security

SQLite Vulnerability Permits iOS Hack: Report

Akshaya Asokan  •  August 13, 2019

Security researchers at Check Point Software Technologies say they've uncovered an SQLite database vulnerability in Apple iOS devices that can run malicious code capable of stealing passwords and gaining persistent control on affected devices.

Application Security

Apple Expands Bug Bounty; Raises Max Reward to $1 Million

Jeremy Kirk  •  August 12, 2019

Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws. The changes were announced at last week's Black Hat security conference in Las Vegas.