Latest

Cybercrime

Facebook Eyes Spammers for Mega-Breach

Mathew J. Schwartz  •  October 18, 2018

Facebook is eyeing spammers as being the culprits behind its recently disclosed mega-breach, The Wall Street Journal reports. Preliminary findings from Facebook's internal investigation suggest that the attackers were not affiliated with a nation-state, but rather part of a known spam ring, the newspaper reports.

Blockchain & Cryptocurrency

Report: Cryptocurrency Exchanges Lost $882 Million to Hackers

Jeremy Kirk  •  October 18, 2018

An analysis of attacks against cryptocurrency exchanges over nearly two years shows hackers have inflicted $882 million in damages, according to the Russian security firm Group-IB. The tally of losses is likely to grow next year, the company warns.

Cybercrime

US Voter Records for Sale on Hacker Forum

Jeremy Kirk  •  October 16, 2018

A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it's far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records.

Anti-Phishing, DMARC

10 Cyberattacks Investigated Weekly by UK

Mathew J. Schwartz  •  October 16, 2018

The U.K.'s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say.

Breach Notification

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Mathew J. Schwartz  •  October 15, 2018

The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.

Encryption & Key Management

Tech Companies Bristle at Australia's Crypto Legislation

Jeremy Kirk  •  October 15, 2018

The disagreements continue over Australia's efforts to pass legislation that would help law enforcement counter encryption. Technology companies and civil liberties organizations contend the latest draft of legislation would allow for too much secrecy and imperil privacy and security.

Breach Response

Facebook Clarifies Extent of Data Breach

Howard Anderson  •  October 12, 2018

Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected.

Cybercrime

Criminals' Cryptocurrency Addiction Continues

Mathew J. Schwartz  •  October 12, 2018

Cryptojacking - the hidden mining of virtual currencies - continues to be a focus for online attackers. As the detection of cryptocurrency mining malware continues to rise, Europol warns that cryptojacking will remain "a regular, low-risk revenue stream for cybercriminals."

Endpoint Security

Review Shows Glaring Flaws In Xiongmai IoT Devices

Jeremy Kirk  •  October 12, 2018

Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.

An Assessment of Google's Data Leak

Nick Holland  •  October 12, 2018

An in-depth report on the exposure of personal details for 500,00 Google+ accounts leads the latest edition of the ISMG Security Report. Also featured: an update on mitigating the risk of business email compromises and tips for protecting critical infrastructure.

Governance

Network vs. Endpoint Security: Striking the Right Balance

Varun Haran  •  October 12, 2018

With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner.

Anti-Malware

GandCrab Ransomware Partners With Crypter Service

Mathew J. Schwartz  •  October 11, 2018

The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.