Latest

►

Cybercrime

Threat Intel for a Global Economy

Tom Field  •  August 20, 2019

The World Economic Forum recently identified "cyberattacks and data integrity concerns crippling large parts of the internet" as one of the top 10 global risks. Jaime Chanaga of NTT Data talks about the significance of that announcement and the concerns global security leaders face headed into 2020.

►

Endpoint Security

Medical Device Security: The Doctor's View

Tom Field  •  August 20, 2019

For years now, pediatrician Dale Nordenberg has been battling within the U.S. to ensure that medical device security is given proper attention and regulation. But it's a global concern, and his cause recently received a warm reception in Brazil.

Breach Notification

Texas Pummeled by Coordinated Ransomware Attack

Mathew J. Schwartz  •  August 19, 2019

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning. Security experts say attackers continue to pummel local governments, and illicit profits have been rising.

Identity & Access Management

Case Study: Improving ID and Access Management

Marianne Kolbasuk McGee  •  August 19, 2019

What are some of the moves that organizations can make to improve their identity and access management? Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan  •  August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Account Takeover

The Renaissance of Deception Technology

Nick Holland  •  August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.

Active Defense & Deception

Making the Most of an Investment in Deception Technology

Jeremy Kirk  •  August 15, 2019

Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.

Cybercrime

Cloud Atlas Uses Polymorphic Techniques to Avoid Detection

Jeffrey Burt  •  August 15, 2019

The group behind the Cloud Atlas cyber espionage campaigns, which were first detected five years ago, is now deploying polymorphic techniques designed to avoid monitoring and detection, according to researchers at Kaspersky Lab.

Governance

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Akshaya Asokan  •  August 14, 2019

Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.

Application Security

Report: SEC Investigates First American Data Exposure

Jeremy Kirk  •  August 13, 2019

The U.S. Securities and Exchange Commission is investigating the exposure of personal and mortgage-related records from First American Financial Corp., according to security blogger Brian Krebs. First American spent $1.7 million on the incident in its second quarter, but investigations and lawsuits are looming.

Endpoint Security

SQLite Vulnerability Permits iOS Hack: Report

Akshaya Asokan  •  August 13, 2019

Security researchers at Check Point Software Technologies say they've uncovered an SQLite database vulnerability in Apple iOS devices that can run malicious code capable of stealing passwords and gaining persistent control on affected devices.

Artificial Intelligence & Machine Learning

Elon Musk Wants to Hack Your Brain

Mathew J. Schwartz  •  August 13, 2019

The news that serial entrepreneur Elon Musk and scientists have unveiled Neuralink - a neuroscience startup that's been in stealth mode for two years and aims to create a new computer/brain interface - might make you ask: What took him so long? Before signing up, just make sure it's immune to ransomware.