Siddharth Deshpande, research director, Gartner

Completely Outsourced Security: A Bad Idea

Varun Haran • October 17, 2018

Organizations can effectively rely on managed security services providers to take care of many tasks, but certain strategic security functions must be handled in-house, says Sid Deshpande, research director at Gartner.

Cybersecurity

Magecart Card-Stealing Gang Hits 'Shopper Approved' Plug-In

Latest

Cybercrime

US Voter Records for Sale on Hacker Forum

Jeremy Kirk • October 16, 2018

A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it's far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records.

Anti-Phishing, DMARC

10 Cyberattacks Investigated Weekly by UK

Mathew J. Schwartz • October 16, 2018

The U.K.'s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say.

Breach Notification

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Mathew J. Schwartz • October 15, 2018

The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.

Encryption & Key Management

Tech Companies Bristle at Australia's Crypto Legislation

Jeremy Kirk • October 15, 2018

The disagreements continue over Australia's efforts to pass legislation that would help law enforcement counter encryption. Technology companies and civil liberties organizations contend the latest draft of legislation would allow for too much secrecy and imperil privacy and security.

Governance

Update: NIST Preparing Privacy Framework

Nick Holland • October 15, 2018

Building on the success of the NIST Cybersecurity Framework, the National Institute of Standards and Technology is in the early stages of developing a privacy framework. The effort will kick off with a workshop Tuesday in Austin, Texas, explains Naomi Lefkovitz, who is leading the project.

Endpoint Security

Review Shows Glaring Flaws In Xiongmai IoT Devices

Jeremy Kirk • October 12, 2018

Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.

Business Continuity/Disaster Recovery

Safeguarding Critical Infrastructure From Cyberattacks

Nick Holland • October 12, 2018

The biggest challenge for any critical infrastructure facing potential cyberattacks is devising ways to maintain business continuity, says cybersecurity specialist Prashant Pillai, who calls for building resilience into network design. He'll be a speaker at ISMG's Security Summit: London, to be held Oct. 23.

An Assessment of Google's Data Leak

Nick Holland • October 12, 2018

An in-depth report on the exposure of personal details for 500,00 Google+ accounts leads the latest edition of the ISMG Security Report. Also featured: an update on mitigating the risk of business email compromises and tips for protecting critical infrastructure.

Anti-Malware

GandCrab Ransomware Partners With Crypter Service

Mathew J. Schwartz • October 11, 2018

The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.

Business Email Compromise (BEC)

Defending Against Business Email Compromise Attacks

Nick Holland • October 10, 2018

What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.

Cybercrime

Suspected NASA Hacker Busted After Boasting About Exploits

Mathew J. Schwartz • October 10, 2018

Memo to hackers: Boasting about your exploits on social media channels is a good way to get caught. Indeed, Italian police say they busted a suspected hacker after he bragged not only about defacing the NASA home page but also about being part of a group calling itself "Master Italian Hackers Team."

Data Breach

Google Forced to Reveal Exposure of Private Data

Jeremy Kirk • October 9, 2018

Google blames a bug in an API for its Google+ social networking service for exposing personal details of about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal.