Criminals, Nation-States Keep Hijacking BGP and DNS

Mathew J. Schwartz • February 18, 2019

The internet is composed of a series of networks built on trust. But they can be abused due to weaknesses in older protocols, such as Border Gateway Protocol and the Domain Name System, which were not designed to be secure and are now being abused for online crime and espionage.

Application Security

Japan's Credit Card Fraud Debacle

Latest

Artificial Intelligence & Machine Learning

Key Security Considerations for AI and Robotics

Marianne Kolbasuk McGee • February 18, 2019

As the use of artificial intelligence tools and robotics continues to grow, it's crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu, who reviews key issues in an interview.

Blockchain & Cryptocurrency

Protecting Cryptocurrency in the Era of 'Deep Fakes'

Nick Holland • February 15, 2019

The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.

Cloud Security

Data Gravity: Will It Weigh Down Cloud Security?

Nick Holland • February 13, 2019

The 2019 RSA Conference offers an opportunity to learn about new concepts across all aspects of cybersecurity. One such area is "data gravity," which will be the topic of a session featuring Microsoft's Diana Kelley and Sian John. They discuss the concept in a joint interview.

Breach Preparedness

Battling Big Breaches: Are We Getting Better?

Mathew J. Schwartz • February 13, 2019

What if organizations' information security practices have gotten so good that they're finally repelling cybercriminals and nation-state attackers alike? Unfortunately, the five biggest corporate breaches of the past five years - including Yahoo, Marriott and Equifax - suggest otherwise.

Cybercrime

No-Deal Brexit Threatens British Crime Fighting

Mathew J. Schwartz • February 12, 2019

British police say they're doing their best to cope with the possibility that the U.K. will crash out of the EU in 45 days and lose access to joint policing resources. But Richard Martin of the Met Police says replacements "will not be as efficient or effective as the tools we currently use."

Governance

Keeping Incident Response Plans Current

Marianne Kolbasuk McGee • February 12, 2019

Many healthcare organizations are falling short in their incident response plans, says Mark Dill, principal consultant at tw-Security. The former director of information security at the Cleveland Clinic discusses best practices for keeping those programs current in an interview at the HIMSS19 conference.

Endpoint Security

Apple Update: Drop Everything and Patch iOS

Mathew J. Schwartz • February 8, 2019

Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FalmPalm" bug in Group FaceTime. Apple says it compensated the teenager who reported the FaceTime flaw and gave him an extra gift toward his tuition.

Cybercrime

Hack Attack Breaches Australian Parliament Network

Mathew J. Schwartz • February 8, 2019

Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.

Critical Infrastructure Security

Assessing US Vulnerability to a Nation-State Cyberattack

Nick Holland • February 8, 2019

The latest edition of the ISMG Security Report features a summary of alarming new findings about the ability of the U.S. to counter a nation-state malware attack. Plus, a discussion of "fusion centers" at banks and an update on the targeting of Webstresser subscribers.

Big Data

German Antitrust Office Restricts Facebook Data Processing

Mathew J. Schwartz • February 7, 2019

Germany's competition authority, the Bundeskartellamt, has prohibited Facebook from combining user data from different sources unless users consent, and it has also prohibited Facebook from blocking users who do not provide this consent. Facebook has one month to appeal the antitrust decision.

Breach Response

Data Breach Reports in Europe Under GDPR Exceed 59,000

Mathew J. Schwartz • February 6, 2019

Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K. receiving the greatest number of notifications, according to the law firm DLA Piper.

Anti-Fraud

A Collaborative Approach to Mitigating Cyberthreats

Nick Holland • February 6, 2019

Banks need to work toward improving collaboration between their cybersecurity and fraud management departments to boost efforts to mitigate cyberthreats, say Scott Walters and Eric Reddel of the consultancy Booz Allen Hamilton.