Snapdragon Chip Flaws Could Facilitate Mass Android Spying

Mathew J. Schwartz • August 11, 2020

Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.

Business Email Compromise (BEC)

Building a Stronger Security Infrastructure

Latest

Business Email Compromise (BEC)

BEC Scam Costs Trading Firm Virtu Financial $6.9 Million

Doug Olenick • August 11, 2020

High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.

Fraud Management & Cybercrime

Using DNS Data for Cybercrime Intelligence

Jeremy Kirk • August 11, 2020

The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.

Account Takeover

Fighting Fraud: Understanding Threat Actors' Techniques

Suparna Goswami • August 11, 2020

The fight against fraud requires more than using the right technologies; it requires understanding threat actors' techniques, says Robert Villanueva of Q6 Cyber.

Critical Infrastructure Security

US Intelligence Adds More Details on Election Interference

Akshaya Asokan • August 8, 2020

Russia, China and Iran are all seeking to influence the 2020 U.S. Presidential election in November, according to a new report from the Office of the Director of National Intelligence that offers details about each country's plans and goals.

Anti-Phishing, DMARC

FBI on China, Election Security and Impact of COVID-19

Tom Field • August 8, 2020

The day after President Trump issued executive orders to ban Chinese-owned social media apps TikTok and WeChat, Sanjay Virmani of the FBI's San Francisco office shared insights on the Chinese cyberthreat, election security and crime trends in the wake of COVID-19.

Cyberwarfare / Nation-State Attacks

The Debate Over Trump 'Ban' of TikTok, WeChat

Doug Olenick • August 7, 2020

President Donald Trump's executive order banning the Chinese-owned TikTok and WeChat apps could prove to be unenforceable, some privacy and security specialists say. But some Republican lawmakers hailed the move, citing the national security risks posed by the apps.

Cloud Security

Capital One Fined $80 Million Over 2019 Breach

Chinmay Rautmare • August 7, 2020

A federal banking regulator has fined Capital One $80 million, citing numerous security shortfalls before the 2019 data breach that exposed the financial and personal information of over 100 million individuals in the U.S. and Canada.

Anti-Money Laundering (AML)

Using Machine Learning to Fight Money Laundering

Suparna Goswami • August 7, 2020

Machine learning can play a significant role in mitigating money laundering risks, says Andy Gandhi, managing director, data risk and compliance at the consultancy Alvarez and Marsal.

Application Security

Analysis: Hijacking of Twitter Hacker's Virtual Hearing

Anna Delaney • August 7, 2020

The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.

Cybercrime

Exploring the Forgotten Roots of 'Cyber'

Mathew J. Schwartz • August 7, 2020

One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?

Endpoint Security

Twitter Rushes to Fix Flaw in Android Version

Chinmay Rautmare • August 6, 2020

Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident.

Endpoint Security

Garmin Reportedly Paid a Ransom

Doug Olenick • August 5, 2020

Garmin, a fitness tracker and navigation device firm, apparently paid a ransom to recover from a July 23 security incident that encrypted several of its systems, according to two news reports as well as expert analysis. The company says it's still experiencing 'temporary limitations" on services.