Ministry of Home Affairs Needs to Go Beyond Security Basics

Suparna Goswami • July 18, 2019

The Ministry of Home Affairs recently released a document on information security best practices for government officials. While emphasizing the basics is a good move, much more needs to be done.

3rd Party Risk Management

Marriott Faces $125 Million GDPR Fine Over Mega-Breach

Latest

Governance

Despite BlueKeep Warnings, Many Organizations Fail to Patch

Jeffrey Burt • July 18, 2019

Weeks after Microsoft issued a patch for the BlueKeep vulnerability, which threatens devices running older versions of Windows, many organizations worldwide have yet to install patches despite alerts from the software giant, government agencies and cybersecurity companies, according to researchers at BitSight.

Business Continuity Management / Disaster Recovery

Ransomware: As GandCrab Retires, Sodinokibi Rises

Mathew J. Schwartz • July 17, 2019

With the GandCrab ransomware-as-service gang promising to retire - and free decryptors now aiding victims - rival Sodinokibi has already stepped into the void, security experts warn. Driven also by attackers wielding Ryuk, Dharma and Phobos, ransom payments by victims have been surging.

Active Defense & Deception

How Deception Technology Is Evolving

Nick Holland • July 17, 2019

Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a research and advisory company.

Blockchain & Cryptocurrency

Senators Scrutinize Facebook's Cryptocurrency Plans

Scott Ferguson • July 16, 2019

At a Senate committee hearing on Tuesday, lawmakers grilled a Facebook executive about the company's plans to launch a cryptocurrency. One Democratic senator said Facebook "does not respect the power of the technologies they are playing with - like a toddler who has gotten his hands on a book of matches."

Application Security

Security Flaw Exposed Valid Airline Boarding Passes

Mathew J. Schwartz • July 16, 2019

A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.

Will Cyberattacks Lead to Prolonged Conflicts?

Nick Holland • July 16, 2019

There's good news and bad news about the current state of cybersecurity, according to Richard A. Clarke and Robert K. Knake, two former federal advisers who have written a new book. Learn about their concerns that cyberattacks could escalate into prolonged conflicts.

Geo Focus: Asia

Vehicle Information Is for Sale; Is Privacy at Stake?

Suparna Goswami • July 16, 2019

The Ministry of Road Transport and Highways reportedly informed the Parliament that it has earned around INR 65 crore, or about $9.5 million, by providing restricted access to a database of registered vehicles and drivers to private-sector companies. Is citizens' privacy at stake?

Application Security

How a Big Rock Revealed a Tesla XSS Vulnerability

Jeremy Kirk • July 16, 2019

Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.

Endpoint Security

Broadcom Reportedly Suspends Bid for Symantec

Scott Ferguson • July 15, 2019

Broadcom has reportedly suspended its effort to acquire Symantec after the two companies failed to agree on a price for the deal. The negotiations had been ongoing for several weeks.

Cybercrime

'Sea Turtle' DNS Hijackers Expand Reach

Jeffrey Burt • July 15, 2019

The group behind the Sea Turtle espionage campaign that was exposed in April is expanding its geographic reach and claiming new victims, according to researchers with Cisco's Talos unit.

Account Takeover

Payment Fraud: Criminals Enroll Stolen Cards on Apple Pay

Mathew J. Schwartz • July 15, 2019

Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.

Cybercrime

Phishing Campaign Tied to Amazon Prime Day

Akshaya Asokan • July 15, 2019

In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users.