Computer security expert Alan Woodward

Stung by Takedowns, Criminals Tap Distributed Dark Markets

Mathew J. Schwartz • October 15, 2019

Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.

Endpoint Security

UK Police Auction TalkTalk Hacker's Cryptocurrency Stash

Latest

Business Continuity Management / Disaster Recovery

Ransomware Attacks: STOP, Dharma, Phobos Dominate

Mathew J. Schwartz • October 16, 2019

Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma .cezar, Phobos, GlobeImposter 2.0 and Sodinokibi. Less widely seen Ryuk also continues to generate big profits.

Blockchain & Cryptocurrency

'Graboid' Cryptojacking Worm Spreads Through Containers

Jeffrey Burt • October 16, 2019

Attackers are using Docker containers to spread a cryptojacking worm in a campaign dubbed "Graboid," according to researchers at Palo Alto Network's Unit 42 threat research unit. Although the researchers describe the campaign as "relatively inept," they says it has the potential to become much more dangerous.

Cybercrime

'Silent Librarian' Revamps Phishing Campaign: Proofpoint

Apurva Venkat • October 16, 2019

"Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S. and Europe in an attempt to steal intellectual property, according to the security firm Proofpoint.

CISO Trainings

The Ultimate Missing Link in Cyber: Continuous Compromise Assessment

Information Security Media Group • October 16, 2019

According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization...

Endpoint Security

IoT in Vehicles: The Trouble With Too Much Code

Jeremy Kirk • October 16, 2019

The threat and risk surface of internet of things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of BlackBerry. Large code bases, which likely have many hidden software bugs, are part of the problem, he says.

Blockchain & Cryptocurrency

Libra Association Launched Amidst Defections, Congressional Scrutiny

Akshaya Asokan • October 15, 2019

The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.

Cybercrime

FIN7 Gang Returns With New Malicious Tools: Researchers

Apurva Venkat • October 15, 2019

Despite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.

Business Continuity Management / Disaster Recovery

Pitney Bowes Says Ransomware Behind System Outages

Jeremy Kirk • October 15, 2019

Pitney Bowes says it was infected by file-encrypting malware that has affected online accounts and mailing products but that client data doesn't appear to be at risk. The postage meter maker says "all options" are being considered for recovery, meaning that it could pay a ransom.

3rd Party Risk Management

Analysis: New ISO Privacy Standard

Suparna Goswami • October 15, 2019

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.

Governance

Imperva's Breach Post-Mortem: API Key Left Exposed

Jeremy Kirk • October 14, 2019

Cybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidently left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.

Cybercrime

Capital One Hacking Trial Delay Likely

Scott Ferguson • October 11, 2019

Defense and prosecution attorneys are asking for a delay in the trial of alleged Capital One hacker Paige A. Thompson, citing the overwhelming amount of digital evidence in the case and the ongoing forensics investigation. Prosecutors also expect to file additional charges.

Breach Notification

Hacked Off: Lawsuit Alleges CafePress Used Poor Security

Mathew J. Schwartz • October 11, 2019

Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.