Latest

►

Fraud Management & Cybercrime

Phishing Campaign Used Chase Fraud Alert as Lure

Doug Olenick  •  July 15, 2020

Fraudsters used phishing emails purporting to be a warning from Chase Bank about "unusual activity" on credit cards in an attempt to steal consumers' account credentials, according to Mariana Pereira of the security firm Darktrace.

Breach Notification

LiveAuctioneers Confirms Breach After Records Posted for Sale

Prajeet Nair  •  July 14, 2020

Auction website LiveAuctioneers has acknowledged that it sustained a data breach in June. The announcement came after threat intelligence firm CloudSEK reported that it discovered about 3.4 million LiveAutioneers customers' records had been posted for sale on a darknet forum.

Cyberwarfare / Nation-State Attacks

Israeli Court Dismisses Complaint Against NSO Group

Akshaya Asokan  •  July 14, 2020

An Israeli court has dismissed a petition filed by Amnesty International that sought to revoke the security export license of NSO Group, a tech firm that's been accused of selling hacking tools to governments for targeting dissidents, journalists and lawyers.

Cybercrime

Yet Again, Vulnerabilities Found in a Router

Jeremy Kirk  •  July 14, 2020

It's common for security researchers to be ignored when reporting a software vulnerability. The latest example - vulnerabilities found by Independent Security Evaluators in a router made by China-based Tenda.

►

Fraud Management & Cybercrime

Leveraging Analytics for Fraud Audits

Suparna Goswami  •  July 14, 2020

Data analytics can help auditors identify high-risk areas - a far better approach than relying on random samples, says forensics expert Vincent Walden.

►

Application Security

Ensuring Connected Devices Are Secure

Jeremy Kirk  •  July 14, 2020

The lessons of the Mirai botnet's abuse of internet-connected devices four years ago have been taken to heart, says Aaron Guzman of OWASP, which is working with others to improve security benchmarks and testing for connected devices.

►

Endpoint Security

Product Labels Could Make IoT Risks More Transparent

Jeremy Kirk  •  July 14, 2020

Manufacturers are increasingly adding connectivity to everyday devices, but it's not always evident how privacy and security is managed. Detailed technical labels could give purchasers more insight, says Pardis Emami-Naeini, a post-doctoral scholar at Carnegie Mellon University.

Cybercrime

Russian Found Guilty of Hacking LinkedIn, Dropbox

Prajeet Nair  •  July 13, 2020

A Russian national has been found guilty of hacking LinkedIn, Dropbox and the now defunct Formspring to steal millions of user credentials, some of which were later sold on underground markets.

Encryption & Key Management

What's New in PAN-OS 10.0?

Jesse Ralston  •  July 13, 2020

Learn how you can take advantage of the newest innovations and enjoy some fresh product demos.

Cybercrime

A Paradigm Shift In Cybersecurity

Suresh Sathyamurthy  •  July 13, 2020

How do you proactively manage policy changes, protect devices and stop new threats? You need a radically new approach to network security that can scale faster than manual approaches.

Cybercrime

No 'Invisible God': Fxmsp's Operational Security Failures

Mathew J. Schwartz  •  July 13, 2020

To the long list of alleged hackers who failed to practice good operational security so they could remain anonymous, add another name: Andrey Turchin, who's been charged with running the Fxmsp hacking group, which prosecutors say relied on Jabber and bitcoins in an attempt to hide their real identities.

Endpoint Security

Not the Cat's Meow: Petnet and the Perils of Consumer IoT

Jeremy Kirk  •  July 13, 2020

Connected devices for consumers don't come with service-level agreements agreements. The travails of Petnet, the maker of an automatic, cloud-enabled pet feeder that has now gone offline offer a tale of caution that points to the need for stronger consumer protection for cloud-enabled devices.