Planning for the Shifting Threat Landscape

Varun Haran • August 17, 2018

The best way to take a holistic approach to the current threat landscape is to define security issues as business problems and then put the problem before the solution - not the other way around, contends RSA CTO Zulfikar Ramzan.

Awareness & Training

FBI: Global Business Email Compromise Losses Hit $12.5 Billion

Latest

Cybercrime

Australian Teenager Pleads Guilty to Hacking Apple

Mathew J. Schwartz • August 17, 2018

An Australian teenager was such a fan of Apple that he hacked into the technology giant's mainframe, according to media reports. The teen has pleaded guilty to stealing 90 GB of sensitive information. But Apple says no customers' personally identifiable information was exposed.

Cyberwarfare / Nation-state attacks

Trump Pulls Gloves Off on Offensive Cyber Actions

Jeremy Kirk • August 17, 2018

U.S. President Donald Trump signed a presidential order on Wednesday that revokes a set of Obama-era guidelines for offensive cyber operations, The Wall Street Journal reports. The policy change may satisfy critics who contend the U.S. should be able to move faster, but it raises risks of escalating cyber conflict.

Anti-Malware

Fighting Sandbox-Evading Malware

Varun Haran • August 17, 2018

Malware detection needs to shift to detecting anomalous behavior, rather than depending on signature-based detection technologies to deal with such threats as sandbox-evading malware, says Verizon's Ashish Thapar.

Finance

Widespread Phishing Campaign Targets Financial Institutions

Nick Holland • August 17, 2018

A phishing attack on Wednesday fueled by the Necurs botnet targeted at least 2,700 banking institutions of various sizes in the U.S. and around the world, explains Aaron Higbee of Cofense, which detected the attack.

Data Breach

The Industrial Internet of Things: Emerging Risks

Nick Holland • August 17, 2018

Leading the latest edition of the ISMG Security Report: Chris Morales of the cybersecurity firm Vectra discusses how the industrial internet of things is changing the nature of industrial espionage and disruption.

Data Breach

AT&T Sued Over $24 Million Cryptocurrency SIM Hijack Attacks

Jeremy Kirk • August 16, 2018

A cryptocurrency investor is suing AT&T for $240 million, alleging he lost $24 million in virtual currency after the carrier failed to stop two separate attacks where his phone number was commandeered by attackers. The incident highlights the dangers of using a phone number as an authentication channel.

Next-Generation Technologies & Secure Development

Analysis: Updates to STIX, TAXII Standards

Varun Haran • August 16, 2018

The STIX and TAXII standards for threat intel interchange have undergone a major upgrade to v2.0. LookingGlass CTO Allan Thomson, who's been closely involved in its development, describes the role of these enhanced standards.

Data Breach

Intel Has a New Speculative Execution Issue: Foreshadow

Jeremy Kirk • August 15, 2018

The Meltdown and Spectre attacks from earlier this year showed how the quest to make CPUs run faster inadvertently introduced serious security vulnerabilities. Now, researchers have unveiled a new attack called Foreshadow that builds on those findings, affecting millions of Intel processors made over the past five...

ATM Fraud

FBI Warns Of Pending Large Scale ATM Cashout Strike

Jeremy Kirk • August 14, 2018

The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.

Data Breach

D-Link Routers In Brazil Fall To DNS Tampering

Jeremy Kirk • August 13, 2018

Cybercriminals in Brazil have capitalized on older vulnerabilities in D-Link routers for financially motivated phishing attacks. The attackers changed DNS settings to use their own malicious DNS server, allowing for seamless shifts to phishing sites.

Anti-Malware

Are Legacy Medical Device Security Flaws Going Unfixed?

Marianne Kolbasuk McGee • August 13, 2018

Many medical device makers appear to building better cybersecurity into their products, but some manufacturers are still avoiding fixing vulnerabilities in legacy devices that pose potential safety risks, says security researcher Billy Rios, who discusses the latest flaws in some Medtronic cardiac devices.

Endpoint Security

Tracking Cybersecurity Threats in Manufacturing

Nick Holland • August 13, 2018

With the rise of the industrial internet of things comes a far broader attack surface in the manufacturing sector. Chris Morales of Vectra outlines findings of a new report on cyberattack trends in the manufacturing sector.