Attackers used a BGP leak to spoof internet routing information, allowing them to steal credentials from users of MyEtherWallet.com.

Cryptocurrency Heist: BGP Leak Masks Ether Theft

Mathew J. Schwartz • April 25, 2018

An attack spoofed internet routing information, resulting in anyone who visited MyEtherWallet.com - a free, open source web app for storing and sending ether-based tokens - instead being routed to an attacker-controlled site, leading to an estimated $320,000 in losses.

Authentication

Life After WannaCry's Wake-Up Call: What's Next?

Latest

Anti-Malware

Toolkit Generates Malicious Office Macro Malware

Mathew J. Schwartz • April 25, 2018

Are you a fraudster craving an easy way to generate Microsoft Office documents with embedded malicious macros designed to serve as droppers that install banking Trojans onto a victim's PC? Say hello to a toolkit that debuted in February called Rubella Macro Builder.

Breach Notification

SEC Fines Yahoo $35 Million Over 2014 Breach

Jeremy Kirk • April 25, 2018

Yahoo, now known as Altaba, has agreed to a $35 million civil fine with the U.S. Securities and Exchange Commission to settle accusations that the search giant failed to promptly notify investors about a December 2014 data breach.

Data Breach

Symantec: 'Orangeworm' Group Hits Healthcare Organizations

Jeremy Kirk • April 24, 2018

Large healthcare companies in the U.S., Europe and Asia are getting hit with a backdoor that comes from a long-observed group, which Symantec calls Orangeworm. The backdoor has been found on X-ray machines and MRIs.

Fraud Management, Cybercrime

Atlanta's Ransomware Cleanup Costs Hit $2.6 Million

Mathew J. Schwartz • April 24, 2018

The city of Atlanta's ransomware outbreak cleanup and response tab has hit $2.6 million after a March attack froze corporate servers, employees' PCs and resident-facing portals. Some security experts say the breach response funds would have been put to better use preventing the outbreak in the first place.

Endpoint Security

Vulnerability Management: Why the Problem Can't Be Solved

Mathew J. Schwartz • April 24, 2018

One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.

Fraud

Machine Learning, AI Mitigating Insider Threats

Nick Holland • April 24, 2018

Insider threats aren't going away, but the introduction of machine learning and AI are proving to be powerful tools in the fight, says Randy Trzeciak of Carnegie Mellon University's CERT.

Risk Management

Preparing for the Operational Technology Challenge

Tom Field • April 24, 2018

Plenty has been said about threats to internet of things devices - and rightfully so. But what about operational technology that often has been neglected by security controls? Mark Nunnikhoven of Trend Micro weighs in on OT risks.

Awareness & Training

Workforce Development: Reducing Barriers to Entry

Mathew J. Schwartz • April 24, 2018

What can be done to address the shortage of personnel to fill the ever-expanding roster of cybersecurity jobs - from entry-level positions through the CISO role? (ISC)2's John McCumber describes organizational and governmental efforts to lower barriers to entry and build tomorrow's workforce.

Fraud Management, Cybercrime

How Account Takeovers Subvert Victims' Social Networks

Mathew J. Schwartz • April 24, 2018

Attackers rarely bother with technical sophistication when easy social engineering schemes, such as "hacking" a victim's social network and using it against them, can give them what they want, says Markus Jakobsson, chief scientist at the cybersecurity firm Agari.

Artificial Intelligence & Machine Learning

How to Battle Credential Stuffing Attacks

Mathew J. Schwartz • April 24, 2018

To combat credential stuffing and other types of rising attacks, organizations need data - and lots of it - to feed machine learning and artificial intelligence algorithms to better detect these types of high volume attacks, says Shape Security's Dan Woods.

Artificial Intelligence & Machine Learning

The Role of AI and ML in Minimizing Alert Fatigue

Nick Holland • April 24, 2018

Alert fatigue is a serious problem in terms of risk management and security analyst turnover. Ted Julian of IBM Resilient discusses how artificial intelligence and machine learning can assist with orchestration and automation.

Cloud Computing

Bringing Visibility to the Midmarket

Tom Field • April 24, 2018

Increasingly, SonicWall is focused on the midmarket, and CEO Bill Conner wants to help ensure that smaller and midsized enterprises have appropriate visibility into the threat landscape - the threat actors, as well as whom they are targeting.