Amidst finger-pointing over responsibility for the $81 million online theft from Bangladesh Bank, SWIFT has issued its first-ever information security guidance to banks, telling them that they're responsible for securing their own systems.
America's cyber infrastructure is under constant attack, and damage to it could have significant consequences. But the presidential candidates haven't had much to say about the issue. At ISMG's Fraud and Breach Prevention Summit, a panel of experts will address how the next president should tackle cybersecurity.
The FTC and FCC have launched security investigations of mobile device makers and wireless carriers, citing growing concerns over vulnerabilities that threaten "the security and integrity" of these products and services. The regulators are examining how security patches are distributed.
Close on the heels of the QNB leak, the same attackers have published data that appears to be from UAE-based InvestBank. The dump appears to contain payment card data, as well as a large number of sensitive, internal files relating to the bank's employees and systems.
Russian email service Mail.Ru says its users' credentials contained in data leaked to Hold Security are 99.982 percent invalid, leading it to slam the security firm for stoking "media hype." But Hold Security's CISO contends the leak contains valid email addresses that could be used for phishing and spam.
A security firm claims to have obtained from a young Russian hacker a data set that includes 272 million unique credentials for Hotmail, Gmail and Yahoo email addresses, among others. But there's no reason to panic, security experts say.
The section chief of the FBI's Cyber Division says "the FBI does not condone payment of ransom," in part because it enables criminals to victimize others. Instead, the bureau continues to urge all potential victims to get their IT house in order.
Following the theft of $81 million from Bangladesh Bank, is it time for banks to make SWIFT money transfers less automated and better supervised and thus secure? An alleged scam from the days of telex machines and code books offers useful perspective.
Despite continued efforts to shore up security to protect payment card data and other financial information, the U.S. financial services and retail sectors had more data breaches in 2015 than any other business sectors worldwide, according to Verizon's latest Data Breach Investigations report.
In an alert to banks, SWIFT warns that it's seen repeat attempts by hackers to subvert its messaging system, which banks around the world use to move money. It's released a "mandatory" software update to help customers identify signs of attack.
The online heist of $81 million from Bangladesh Bank involved custom malware that hacked the database used by the bank's SWIFT software, allowing attackers to transfer money and hide their tracks, according to BAE Systems Applied Intelligence. SWIFT will issue software updates and security guidance to all customers.
Like last year's breach of the online dating site Ashley Madison - tagline: "Life is Short. Have an Affair." - this year's release of the "Panama Papers" is holding individuals accountable for actions which, if not always illegal, in many cases appear to have at least been unethical.
Epic Systems' successful lawsuit against India's Tata Consultancy Services raises many security questions. For example, why did Epic find out about the allegedly inappropriate downloading of trade secrets from an external whistleblower, rather than as a result of internal detection efforts?