After 2 Years, WannaCry Remains a Threat

Scott Ferguson • May 17, 2019

Two years after WannaCry tore a path of destruction through the world, the ransomware remains a danger, with many systems still vulnerable to the EternalBlue or EternalRomance exploits that started it all.

Governance

WhatsApp Exploit Reveals 'Legalized Hacking' at Work

Latest

Governance

Researchers: Aircraft Landing Systems Vulnerable

Jeremy Kirk • May 17, 2019

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.

Governance

WhatsApp's Spyware Problem

Nick Holland • May 17, 2019

The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.

Cyberwarfare / Nation-state attacks

Bill Would Help Congress Track Offensive 'Cyber Tool' Sales

Scott Ferguson • May 16, 2019

A House panel has approved a measure designed to make sure Congress is informed when U.S. companies sell offensive cyber technologies to other nations' governments. The measure was introduced after a U.S. firm sold technologies to the United Arab Emirates that were used to target activists and journalists.

Cybercrime

Surge in JavaScript Sniffing Attacks Continues

Scott Ferguson • May 16, 2019

The magazine subscription page for Forbes magazine and two web service platforms were hit with separate skimming attacks this week, security researchers say. Attackers are increasingly using JavaScript sniffing to steal credit card and other personal data.

Breach Response

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Mathew J. Schwartz • May 16, 2019

European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.

Governance

To Prevent Another WannaCry, Microsoft Patches Old OSs

Jeremy Kirk • May 15, 2019

Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.

Anti-Malware

ScarCruft APT Group Targets Bluetooth With Malware: Report

Scott Ferguson • May 15, 2019

ScarCruft, a Korean-speaking APT group that has been targeting organizations mainly in Southeast Asia over the past three years, is developing new malware that targets Bluetooth-enabled devices, according to Kaspersky Lab.

Cybercrime

Hack of Japanese Retailer Exposes 460,000 Customer Accounts

Scott Ferguson • May 15, 2019

Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.

Governance

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter

Jeremy Kirk • May 14, 2019

Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.

Authentication

Anthem Cyberattack Indictment Provides Defense Lessons

Marianne Kolbasuk McGee • May 13, 2019

The indictment of two Chinese men for a 2014 cyberattack on health insurer Anthem that compromised information on nearly 80 million individuals contains extensive details about the incident that security professionals can use to help with their breach prevention strategies.

Business Email Compromise (BEC)

Nigerian BEC Scammers Use Malware to Up the Ante

Scott Ferguson • May 13, 2019

A growing area of concern for security researchers is a new crop of business email compromise schemes originating from Nigeria, with scammers upping their game by using new malware. The biggest of the crime gangs is SilverTerrier, according to Palo Alto Network's Unit 42.

Data Breach

Equifax's Data Breach Costs Hit $1.4 Billion

Mathew J. Schwartz • May 13, 2019

Equifax has reported a loss in its latest quarter due to ongoing incident response, legal, investigative and corporate information security overhaul costs resulting from its 2017 data breach. The credit reporting giant says that so far, it's spent $1.4 billion as a result of the massive breach.