Unscripted: 3 Security Leaders Dissect Today's Top Trends

Tom Field • April 16, 2021

No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?

►

Endpoint Security

Buying Breached Data: When Is It Ethical?

Latest

Governance & Risk Management

Identity Management at the Core of Recent M&A Activity

Doug Olenick • April 20, 2021

Identity management was the focus of three acquisitions announced in the last several days by Mastercard, Entrust and Keyfactor.

3rd Party Risk Management

Did Huawei Eavesdrop on KPN Mobile Network?

Mathew J. Schwartz • April 20, 2021

A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users. Viewed 11 years later, the report stands as a reminder to constantly review and address risks posed by suppliers.

ATM / POS Fraud

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Scott Ferguson • April 19, 2021

A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

Cybercrime

How to Prevent Wire Transfer Fraud

Suparna Goswami • April 19, 2021

How is wire transfer fraud evolving, and how can the risk be mitigated? Three experts provide insights in this panel discussion.

Breach Notification

ISMG Editors’ Panel: The Facebook Breach and More

Anna Delaney • April 16, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.

3rd Party Risk Management

Does FBI Exchange Remediation Action Set a Precedent?

Anna Delaney • April 16, 2021

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.

Artificial Intelligence & Machine Learning

Draft EU Regulation Proposes Curbs on AI for Surveillance

Akshaya Asokan • April 15, 2021

As Europe continues to debate the extent to which artificial intelligence should be allowed in public and other spaces, a draft EU regulation - leaked to a news site - shows some European lawmakers moving to restrict the use of facial recognition technology for surveillance.

Cyberwarfare / Nation-State Attacks

US Sanctions Russia Over SolarWinds Attack, Election Meddling

Scott Ferguson • April 15, 2021

The Biden administration has formally sanctioned Russia over the cyber operation that targeted SolarWinds and its customers as well as the disinformation campaign against the 2020 U.S. elections. The NSA and other agencies also attributed the SolarWinds attack to Russia's Foreign Intelligence Service, or SVR.

Cryptocurrency Fraud

Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

Mathew J. Schwartz • April 15, 2021

Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.

COVID-19

Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

Marianne Kolbasuk McGee • April 14, 2021

Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk • April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Application Security

Microsoft Patches 4 Additional Exchange Flaws

Doug Olenick • April 13, 2021

Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.