Latest

Fraud Management & Cybercrime

Analysis: Fallout From the Snowden Memoir

Nick Holland  •  September 20, 2019

The latest edition of the ISMG Security Report features a discussion of the controversies surrounding the release of whistleblower Edward Snowden's memoir. Also featured: An update on Lumen PDF's breach disclosure; insights on financial services identity management issues.

Cybercrime

Phony IRS Emails Promise Refund, But Deliver Botnet Instead

Apurva Venkat  •  September 19, 2019

A new phishing email campaign promises to deliver a tax refund, but instead helps spread a botnet called Amadey, according to researchers at the security firm Cofense.

Cybercrime

Cryptoming Botnet Smominru Returns With a Vengeance

Jeffrey Burt  •  September 19, 2019

The crypotmining botnet Smominru, which has been around since at least 2017, has resurfaced with a new campaign that has infected 90,000 devices worldwide, including in the U.S., China and Russia, according to security analysts at Guardicore.

Fraud Management & Cybercrime

2 Phishing Attacks Affect Presbyterian Health Plan Members

Marianne Kolbasuk McGee  •  September 19, 2019

Phishing incidents have had a big impact on members of Albuquerque, New Mexico-based Presbyterian Health Plan in recent weeks. Two separate, apparently unrelated, attacks potentially exposed a wealth of information on plan members.

Cyberwarfare / Nation-State Attacks

Facebook Removes Hundreds of Fake Accounts

Akshaya Asokan  •  September 19, 2019

Facebook announced this week that it has removed hundreds of fake accounts and pages. The majority of these originated in Ukraine or Iraq and used phony user identifications to spread misinformation in an attempt to influence local politics, the company says.

Governance

Lumin PDF Leak Exposed Data on 24 Million Users

Jeremy Kirk  •  September 18, 2019

Ignoring a breach disclosure can have ugly consequences. Case in point: Lumin PDF, a PDF editing tool, which saw data for much of its user base - about 24.3 million - published in an online forum late Monday. Data breach expert Troy Hunt says it's sign of the dysfunction in the breach disclosure process.

Governance

Justice Department Sues Snowden Over Memoir

Scott Ferguson  •  September 18, 2019

The U.S. Justice Department has sued Edward Snowden over his new memoir, claiming that the former NSA contractor violated a nondisclosure agreement he signed when he worked for the government before becoming the world's best-known whistleblower. The suit seeks to collect all profits from the book.

HIPAA/HITECH

Victim Total Soars in County Health Data Breach

Marianne Kolbasuk McGee  •  September 18, 2019

A Minnesota county that originally reported last December that a hacking incident affected about 600 individuals now says about 118,000 may have had healthcare data exposed. What's behind the huge spike?

Cyberwarfare / Nation-State Attacks

Senators Urge FCC to Review Licenses for Chinese Telecoms

Apurva Venkat  •  September 18, 2019

U.S. Senators Chuck Schumer, D-N.Y., and Tom Cotton, R-Ark., are asking the Federal Communications Commission to reconsider operating licenses granted to two Chinese telecommunications companies, citing concerns over national security and foreign espionage.

Fraud Management & Cybercrime

Investigation Launched After Ecuadorian Records Exposed

Akshaya Asokan  •  September 17, 2019

An unsecured database owned by an Ecuadorian consulting company left over 20 million records on the South American country's citizens exposed to the internet, according to a report from two independent security researchers. An official investigation is underway.

Artificial Intelligence & Machine Learning

Using Artificial Intelligence to Combat Card Fraud

Nick Holland  •  September 17, 2019

Artificial intelligence is playing an important role in the fight against payment card fraud, says Gord Jamieson, senior director of Canada risk services at Visa. He'll offer a keynote presentation on the latest fraud trends at Information Security Media Group's Cybersecurity Summit in Toronto Sept 24-25.

Governance

Life After Snowden: US Still Lacks Whistleblowing Rules

Mathew J. Schwartz  •  September 16, 2019

Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.