Mueller Report: With Russian Hacking Laid Bare, What Next?

Mathew J. Schwartz • April 19, 2019

Robert Mueller's report into Russian interference clearly states: "The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion." In the wake of the Trump administration lifting some Russian sanctions, one expert says it must take the opposite tack.

Breach Response

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Latest

Cybercrime

Leak Exposes OilRig APT Group's Tools

Scott Ferguson • April 19, 2019

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

Cybercrime

Not So 'Smart' - Child Tech Has Hackable Flaws

Mathew J. Schwartz • April 19, 2019

A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

Data Breach

Wipro Detects Phishing Attack: Investigation in Progress

Suparna Goswami • April 16, 2019

Indian IT service firm Wipro on Tuesday said that it has detected abnormal activities on some of its employee accounts due to an advanced phishing campaign. An investigation is continuing, the company confirms.

Anti-Malware

US CERT Warns of N. Korean 'Hoplight' Trojan

Scott Ferguson • April 12, 2019

U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea. The malware has the ability to disguise the network traffic it sends back to its originators, making it more difficult to track its movements.

Anti-Malware

Two Romanian Nationals Convicted in 'Bayrob' Malware Case

Scott Ferguson • April 12, 2019

Two Romanian nationals have been convicted by a federal jury for their roles in stealing more than $4 million from victims by creating a botnet of more than 400,000 PCs through custom-designed malware called Bayrob.

Application Security

Another Scathing Equifax Post-Breach Report

Nick Holland • April 12, 2019

The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.

Endpoint Security

Android Devices Can Now Be Used as a Security Key

Jeremy Kirk • April 11, 2019

Google's latest security feature enables the use of Android phones as a security key, eliminating the need for a separate token or hardware device. The free feature is potentially more appealing that Google's Titan security keys, which cost $50.

Anti-Malware

Kaspersky: New 'TajMahal' APT Malware Enables Espionage

Scott Ferguson • April 10, 2019

A new type of malware, dubbed TajMahal, offers its users a host of espionage techniques, including the ability to steal documents sent to a printer queue and pilfer data from a CD, Kaspersky Lab reports. But researchers have only identified one victim so far.

CISO Trainings

Women in Cybersecurity: A Progress Report

Tom Field • April 10, 2019

Nearly one-quarter of the global cybersecurity workforce is now made up of women. But women still face significant compensation and other career challenges, according to a new study. Mary-Jo de Leeuw of (ISC)2 shares analysis.

Cybercrime

Report: FIN6 Shifts From Payment Card Theft to Ransomware

Scott Ferguson • April 9, 2019

FIN6, a cybercrime group that has focused on attacking point-of-sale devices to steal credit card numbers, now also is waging ransomware attacks that target businesses with either LockerGoga or Ryuk, according to a new analysis from security firm FireEye.

Fraud Management & Cybercrime

UK Man Gets Six-Year Sentence for Global Ransomware Scheme

Scott Ferguson • April 9, 2019

A 24-year-old man living in England has been sentenced to more than six years in prison for his role in a ransomware scheme that targeted millions of computers across 20 countries, the U.K.'s National Crime Agency announced Tuesday.