This illustration shows how the Water Nue BEC scam targets Office 365 credentials. (Source: Trend Micro)

BEC Scam Targets Executives' Office 365 Accounts

Chinmay Rautmare • August 10, 2020

A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.

Account Takeover

A Working Model for a 'Zero Trust' Security Architecture

Latest

COVID-19

Barclays Faces Employee Spying Probe

Mathew J. Schwartz • August 10, 2020

The UK's privacy watchdog is probing banking giant Barclays over its use of employee monitoring tools after the bank in February reportedly shifted from anonymized tracking to giving managers the ability to view data for individual employees.

Anti-Phishing, DMARC

FBI on China, Election Security and Impact of COVID-19

Tom Field • August 8, 2020

The day after President Trump issued executive orders to ban Chinese-owned social media apps TikTok and WeChat, Sanjay Virmani of the FBI's San Francisco office shared insights on the Chinese cyberthreat, election security and crime trends in the wake of COVID-19.

Cyberwarfare / Nation-State Attacks

The Debate Over Trump 'Ban' of TikTok, WeChat

Doug Olenick • August 7, 2020

President Donald Trump's executive order banning the Chinese-owned TikTok and WeChat apps could prove to be unenforceable, some privacy and security specialists say. But some Republican lawmakers hailed the move, citing the national security risks posed by the apps.

Cloud Security

Capital One Fined $80 Million Over 2019 Breach

Chinmay Rautmare • August 7, 2020

A federal banking regulator has fined Capital One $80 million, citing numerous security shortfalls before the 2019 data breach that exposed the financial and personal information of over 100 million individuals in the U.S. and Canada.

Application Security

Managing API Security

Suparna Goswami • August 7, 2020

Because APIs are an attractive target for hackers, organizations need to make API security a higher priority, says Aseem Ahmed of Akamai Technologies.

Cyberwarfare / Nation-State Attacks

Trump Signs Executive Orders Banning TikTok, WeChat

Prajeet Nair • August 7, 2020

President Donald Trump, citing national security concerns, has signed two executive orders that will ban the Chinese-owned social media platforms TikTok and WeChat from the U.S. within 45 days. The orders appear designed to accelerate the sale of the two platforms to American firms.

Anti-Money Laundering (AML)

Using Machine Learning to Fight Money Laundering

Suparna Goswami • August 7, 2020

Machine learning can play a significant role in mitigating money laundering risks, says Andy Gandhi, managing director, data risk and compliance at the consultancy Alvarez and Marsal.

Application Security

Analysis: Hijacking of Twitter Hacker's Virtual Hearing

Anna Delaney • August 7, 2020

The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.

Cybercrime

Exploring the Forgotten Roots of 'Cyber'

Mathew J. Schwartz • August 7, 2020

One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?

Endpoint Security

Twitter Rushes to Fix Flaw in Android Version

Chinmay Rautmare • August 6, 2020

Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident.

COVID-19

Building a Stronger Security Infrastructure

Anna Delaney • August 6, 2020

As organizations collect more consumer data during the COVID-19 pandemic, how can they protect it? Peter Yapp, former deputy director at the UK's National Cyber Security Center, provides insights on building a stronger security infrastructure.

Endpoint Security

How WastedLocker Evades Anti-Ransomware Tools

Prajeet Nair • August 5, 2020

WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos.