Latest

Application Security

Analysis: Hijacking of Twitter Hacker's Virtual Hearing

Anna Delaney  •  August 7, 2020

The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.

Cybercrime

Exploring the Forgotten Roots of 'Cyber'

Mathew J. Schwartz  •  August 7, 2020

One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?

Cybercrime

Global Cybercrime Surging During Pandemic

Marianne Kolbasuk McGee  •  August 6, 2020

Cybercriminals have shifted their focus from individuals and smaller businesses to target governments, critical health infrastructure and major corporations to maximize their profits and disruption during the COVID-19 pandemic, a new Interpol report warns.

Endpoint Security

Twitter Rushes to Fix Flaw in Android Version

Chinmay Rautmare  •  August 6, 2020

Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident.

Account Takeover

Screams, Porn Interrupt Virtual Hearing for Twitter Suspect

Jeremy Kirk  •  August 6, 2020

Chaos ensued when miscreants interrupted a virtual bail hearing on Wednesday for the suspected Twitter hacker, hijacking the feed with screams, chatter and, for a few brief seconds, pornography. The meeting details were public, and the meeting had not been password protected.

Endpoint Security

Garmin Reportedly Paid a Ransom

Doug Olenick  •  August 5, 2020

Garmin, a fitness tracker and navigation device firm, apparently paid a ransom to recover from a July 23 security incident that encrypted several of its systems, according to two news reports as well as expert analysis. The company says it's still experiencing 'temporary limitations" on services.

Endpoint Security

How WastedLocker Evades Anti-Ransomware Tools

Prajeet Nair  •  August 5, 2020

WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos.

Governance & Risk Management

A Flaw Used by Stuxnet Wasn't Fully Fixed

Jeremy Kirk  •  August 5, 2020

Vulnerabilities in the Microsoft Windows print spooler, an aging but important component, will be discussed at the Black Hat security conference on Thursday. The vulnerabilities are rooted in patches that Microsoft created to fix issues exploited by Stuxnet, the malware that hampered Iran's nuclear program.

Application Security

Why Flash Player Removal Should Be a Priority

Doug Olenick  •  August 4, 2020

Adobe Flash Player, which has been patched hundreds of times during its lifetime to address vulnerabilities, will no longer be supported after Dec. 31, leaving an attack vector that can be exploited by malicious actors unless it's removed. That's why eliminating all instances of Flash Player is so urgent.

►

Cybercrime

Top Cybersecurity Challenge: 'More Capable Threat Actors'

Mathew J. Schwartz  •  August 3, 2020

The pace of online crime hasn't been flagging, as "more capable threat actors" - criminals and nation-states alike - have been bringing more advanced tools and tactics to bear on victims, says Raj Samani, chief scientist at McAfee.

Cyberwarfare / Nation-State Attacks

Microsoft May Be TikTok's Privacy and Security Lifeline

Jeremy Kirk  •  August 3, 2020

Is Microsoft coming to TikTok's rescue? It appears that's a very strong possibility following President Donald Trump's threat Friday to ban the app in the U.S. Microsoft hasn't committed to buying part of TikTok, but says if it did, it would bring the popular app world-class security and privacy protections.

►

Artificial Intelligence & Machine Learning

Fraud Detection: Lessons From Novartis Case

Suparna Goswami  •  August 3, 2020

Incidents of fraud at pharmaceutical giant Novartis that resulted in over $1 billion in fines worldwide might have been avoided if the company's compliance team used data analytics to detect patterns, says Thomas Fox, a compliance evangelist and author.