Stolen Pakistani bank cards are being offered for sale on the Joker's Stash carder forum. (Source: Group-IB)

Big Dump of Pakistani Bank Card Data Appears on Carder Site

Mathew J. Schwartz • February 22, 2019

The notorious carder site Joker's Stash is featuring a fresh batch of Pakistani banks' payment card data with an estimated street value of $3.5 million. Nearly all of the 70,000 bank cards are advertised as being from Meezan Bank, the country's largest Islamic bank.

Authentication

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Latest

Blockchain & Cryptocurrency

Password Manager Weaknesses Revealed

Nick Holland • February 22, 2019

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.

Anti-Malware

11 Takeaways: Targeted Ryuk Attacks Pummel Businesses

Mathew J. Schwartz • February 21, 2019

A rush by some media outlets to attribute a late-2018 alleged Ryuk ransomware infection at Tribune Publishing to North Korean attackers appears to have been erroneous, as many security experts warned at the time. Rather, cybercrime gangs appear to be using Ryuk, according to researchers at McAfee and Coveware.

Application Security

WhatsApp Flaw Could Enable iOS Message Snooping

Jeremy Kirk • February 21, 2019

Facebook says it will soon issue a patch for a bug in its WhatsApp messenger application that can circumvent a security feature launched just last month for Apple devices. The flaw could let someone with physical access to a device bypass Face ID and Touch ID.

Fraud Management & Cybercrime

Facebook Smackdown: UK Seeks 'Digital Gangster' Regulation

Mathew J. Schwartz • February 20, 2019

Technology giants stand accused by a U.K. parliamentary committee of risking democracy in pursuit of profit, acting as monopolies and blocking attempts to hold them accountable. But Parliament's probe into disinformation and "fake news" reserves special scorn for Facebook CEO Mark Zuckerberg.

Authentication

Password Managers Leave Crumbs in Memory, Researchers Warn

Jeremy Kirk • February 20, 2019

A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Business Continuity/Disaster Recovery

Police Push Free Decryptor for GandCrab Ransomware

Mathew J. Schwartz • February 19, 2019

Good news for many victims of GandCrab: There's a new, free decryptor available from the No More Ransom portal that will unlock systems that have been crypto-locked by the latest version of the notorious, widespread ransomware. But the ransomware gang appears to already be prepping a new version.

Cyberwarfare / Nation-state attacks

Report: UK Believes Risk of Using Huawei Is Manageable

Mathew J. Schwartz • February 18, 2019

Britain's intelligence establishment has reportedly concluded that any risks posed by Chinese-built Huawei networking equipment used as part of the country's 5G rollout can be minimized if the process is appropriately managed.

Artificial Intelligence & Machine Learning

Key Security Considerations for AI and Robotics

Marianne Kolbasuk McGee • February 18, 2019

As the use of artificial intelligence tools and robotics continues to grow, it's crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu, who reviews key issues in an interview.

Application Security

WannaCry Hero Loses Key Motions in Hacking Case

Jeremy Kirk • February 15, 2019

A famed British computer security researcher has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware. The rulings could complicate the challenges for the defense team of Marcus Hutchins, who remains in the U.S.

Blockchain & Cryptocurrency

Protecting Cryptocurrency in the Era of 'Deep Fakes'

Nick Holland • February 15, 2019

The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.

Cybercrime

US Air Force Veteran Charged in Iran Hacking Scheme

Jeremy Kirk • February 14, 2019

A former U.S. Air Force counterintelligence agent was indicted for disclosing classified information and helping Iran compromise the computers of other U.S. intelligence agents. The case marks another damaging leak for the American government.

Anti-Fraud

Roses Are Red, Romance Scammers Make You Blue

Mathew J. Schwartz • February 14, 2019

This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017, while in the U.K., Action Fraud says reported romance scam losses in 2018 topped $64 million.