US Imposes Sanctions on Iranian APT Group

Doug Olenick • September 17, 2020

The U.S. Treasury Department on Thursday imposed sanctions on an Iranian advanced persistent threat group, 45 associated individuals and a front company the Iranian government allegedly used to run a years-long malware campaign that targeted Iranian dissidents, journalists and others.

Business Continuity Management / Disaster Recovery

Does This Exposed Chinese Database Pose a Security Threat?

Latest

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney • September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Blockchain & Cryptocurrency

DOJ: 2 Russians Defrauded Cryptocurrency Exchanges

Prajeet Nair • September 17, 2020

Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.

Cybercrime

Analyzing the Role of Fraud Fusion Centers

Akshaya Asokan • September 17, 2020

Many financial institutions have deployed fraud fusion centers as a way to help mitigate risks. But as fraudsters revamp their techniques, banks need to revamp these centers to keep up, says Jeff Dant of BMO Financial Group, who will speak at ISMG's Virtual Cybersecurity and Fraud Summit: Toronto.

Business Continuity Management / Disaster Recovery

Ransomware Attack at Hospital Leads to Patient's Death

Marianne Kolbasuk McGee • September 17, 2020

A ransomware attack that reportedly was directed at a German university but shut down emergency services at an affiliated hospital likely contributed to the death of a patient who needed urgent treatment but instead had to be transported to another hospital, delaying care, according to a news report.

Cyberwarfare / Nation-State Attacks

2 Iranians Indicted for Lengthy Hacking Campaign

Akshaya Asokan • September 17, 2020

Two Iranian nationals have been charged with participating in a years-long hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East to steal "hundreds of terabytes" of data, according to the U.S. Department of Justice.

Breach Notification

Dunkin' Data Breach Settlement Paves the Way for More Suits

Doug Olenick • September 17, 2020

Dunkin' Brands' settlement with the New York state attorney general of a lawsuit tied to a 5-year-old data breach affecting its Perks rewards cardholders could open the door to suits by other states - as well as customers.

Fraud Management & Cybercrime

Researcher Describes Risks Posed by Posting Boarding Passes

Jeremy Kirk • September 17, 2020

An Instagram post by one of Australia's former prime ministers led to a security researcher finding his passport and phone number due to a coding error in a widely used airline ticketing system. The bug has been fixed, but it's another warning to avoid posting photos of boarding passes.

Cyberwarfare / Nation-State Attacks

Iranian Hackers Exploiting Unpatched Vulnerabilities

Akshaya Asokan • September 16, 2020

The hacking group "Pioneer Kitten," which has suspected ties to the Iranian government, is taking advantage of several unpatched vulnerabilities and using open source tools to target U.S. businesses as well as federal government agencies, according to the Cybersecurity and Infrastructure Security Agency.

Cyberwarfare / Nation-State Attacks

TikTok's Response to Trump? Let's Make a Deal

Mathew J. Schwartz • September 16, 2020

President Donald Trump says TikTok and Oracle are close to making a deal. Don't neglect to read the fine print. While the president has demanded TikTok divest its U.S. operations - preferably to Oracle - because of national security concerns, the Chinese firm is instead offering Oracle a minority stake.

Account Takeover Fraud

Payment Card Skimming Hits 2,000 E-Commerce Sites

Prajeet Nair • September 15, 2020

From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe's Magento software, possibly resulting in the theft of payment card data, according to Sanguine Security.

Governance & Risk Management

How to Achieve Better Digital Privacy Protection

Anna Delaney • September 15, 2020

Stuart Brotman, a digital privacy and cybersecurity adviser, says a "multidimensional approach" to digital privacy protection is required because "law and regulation are not the ultimate solution."

Breach Notification

Breach of COVID-19 Test Data Undermines Pandemic Response

Mathew J. Schwartz • September 15, 2020

What's one of the worst things that can happen during a pandemic? The answer is anything that gives people less reason to trust in their public health system to handle the crisis. Enter a data breach that has exposed personal information for everyone who's ever tested positive for the disease in Wales.