North Korean Hackers Tapping Into TrickBot: Report

Scott Ferguson • December 13, 2019

New research finds that hackers linked to the North Korean government are now renting the botnet created by TrickBot malware, as well as access to a highly customized malicious framework, to help further their goals - including targeting payment systems.

Endpoint Security

Surviving a Breach: 8 Incident Response Essentials

Latest

3rd Party Risk Management

Is your Organization Suffering From Third-Party "Compliance Drift"?

Tony Howlett • December 13, 2019

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

Governance

How This CISO Handles Security in Multiple Business Sectors

Suparna Goswami • December 12, 2019

What challenges does a CISO face when dealing with issues facing several industries? Abid Adam of Axiata Group, a conglomerate based in Malaysia, describes his efforts to manage privacy and security in three diverse sectors.

Encryption & Key Management

Visual Journal: Black Hat Europe 2019

Mathew J. Schwartz • December 12, 2019

Black Hat Europe returned to London last week, featuring two days of briefings covering topics from cryptography and breach response to exploit development and application security. Plus, a packed business hall offered technical demonstrations. Here are visual highlights of the event.

Blockchain & Cryptocurrency

Five Charged in $722 Million Cryptomining Ponzi Scheme

Scott Ferguson • December 11, 2019

The Justice Department has charged five individuals with running a high-tech Ponzi scheme that allegedly fleeced investors out of $722 million by falsely promising clients big returns as part of a cryptomining operation.

Account Takeover

Joker's Stash Celebrates Turkey Day With Stolen Card Data

Mathew J. Schwartz • December 11, 2019

The notorious Joker's Stash carder marketplace has recently listed for sale 460,000 records, including four "Turkey-Mix" batches that feature never-before-seen payment card data that traces to Turkey's 10 largest banks, says cybersecurity firm Group-IB.

Endpoint Security

McAfee Considers Purchase of NortonLifeLock: Report

Akshaya Asokan • December 11, 2019

McAfee's ownership team is exploring a deal to acquire NortonLifeLock, the renamed, publicly traded firm that was formerly the consumer and small business security division of Symantec, according to the Wall Street Journal, which cites "people familiar with the matter."

Business Continuity Management / Disaster Recovery

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut

Jeremy Kirk • December 10, 2019

Emsisoft has spotted a buggy decryptor for the Ryuk ransomware and developed a custom tool to fix it. But victims will still have to pay the ransom to recover files.

Encryption & Key Management

Quantum-Proof Cryptography: What Role Will It Play?

Suparna Goswami • December 10, 2019

CISOs need to begin investigating the use of quantum-proof cryptography to ensure security is maintained when extremely powerful quantum computers that can crack current encryption are implemented, says Professor Alexander Ling, principal investigator at the Center for Quantum Technologies in Singapore.

Finance & Banking

A $200,000 Internet Fraud: Will Anyone Investigate?

Jeremy Kirk • December 9, 2019

Internet crime has grown so rapidly that law enforcement is outpaced. Here's the story of how a Manhattan doctor lost $200,000 in an internet scam, and why he's struggling to get law enforcement's attention.

Cybercrime

Wiper Malware Targets Middle Eastern Energy Firms: Report

Akshaya Asokan • December 6, 2019

A new malware campaign suspected of being tied to Iran has been targeting companies in the energy and industrial sectors in the Middle East, according to a report from IBM X-Force.

Artificial Intelligence & Machine Learning

AI, Machine Learning and Robotics: Privacy, Security Issues

Marianne Kolbasuk McGee • December 6, 2019

The use of artificial intelligence, machine learning and robotics has enormous potential, but along with that promise come critical privacy and security challenges, says technology attorney Stephen Wu.

Critical Infrastructure Security

How the Adversarial Mindset Is Making Cybersecurity Better

Mathew J. Schwartz • December 6, 2019

Applying offensive hacking expertise and a more adversarial mindset to better hone not just network defenses but also public policy is proving effective, says Jeff Moss, founder and creator of the Black Hat conference.