The Challenge of Detecting 'Deepfakes'

Nick Holland • December 4, 2020

Detecting "deepfake" images used by fraudsters is challenging, says Gartner Research analyst Avivah Litan, who describes key steps in the detection effort.

General Data Protection Regulation (GDPR)

Gone in 120 Seconds: Flaws Enable Theft of Tesla Model X

Latest

Breach Notification

Google Play Source Code Flaw Makes Apps Vulnerable

Akshaya Asokan • December 5, 2020

A source code flaw in the Google Play store platform could enable attackers to perform remote code execution for credential theft on several prominent apps, a new report by security firm Check Point Research finds.

Anti-Phishing, DMARC

Hacker-for-Hire Group DeathStalker Implements New Malware

Prajeet Nair • December 5, 2020

The hacker-for-hire group DeathStalker, known for conducting espionage campaigns against small and medium-sized businesses, has started using a new malware strain called PowerPepper, according to a report from the security firm Kaspersky.

Critical Infrastructure Security

US Senators Warn of National Security Threats From China

Akshaya Asokan • December 5, 2020

The top Republican and Democrat on the U.S. Senate Intelligence Committee have issued a warning about the national security threats posed by the Chinese government. The statement follows an opinion article published by DNI Director John Ratcliffe that called out China's cyber and other capabilities.

Cybercrime

Hacking Group Used Crypto Miners as Distraction Technique

Prajeet Nair • December 4, 2020

A hacking group recently deployed cryptocurrency miners within targeted victims' networks to distract security teams from their cyberespionage campaigns, Microsoft reports.

Governance & Risk Management

Balancing Security, Customer Service

Suparna Goswami • December 4, 2020

Organizations can enhance security while maintaining a good customer experience by leveraging data for authentication, says David Britton of Experian.

Application Security

Analysis: Apple iOS 'Zero-Click Exploit'

Anna Delaney • December 4, 2020

This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.

Cybercrime

Trickbot Now Uses a Bootkit to Attack Firmware

Doug Olenick • December 3, 2020

Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.

COVID-19

Phishing Campaign Targets COVID-19 'Cold Chain'

Marianne Kolbasuk McGee • December 3, 2020

CISA, citing a new report by IBM, is warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain. Many vaccines in development must be kept at low temperatures before being administered.

Endpoint Security

Researchers: 25 Countries Use 'Circles' Spyware

Akshaya Asokan • December 3, 2020

Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to The Citizen Lab, a research organization based at the University of Toronto.

Fraud Management & Cybercrime

Why Did Instagram Leak Minors' Email Addresses Again?

Jeremy Kirk • December 3, 2020

Social media poses special risks for minors. Data scientist David Stier, who has discovered leaks of minors' personally identifiable information on Instagram, shares insights on how social media companies should better protect PII.

Business Continuity Management / Disaster Recovery

K12, Online Curriculum Provider, Pays Ransom to Hackers

Doug Olenick • December 2, 2020

K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data.

Business Email Compromise (BEC)

FBI: BEC Scams Are Using Email Auto-Forwarding

Akshaya Asokan • December 2, 2020

Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.