Amanda Rousseau, an offensive security engineer at Facebook, delivers the opening Black Hat Europe keynote speech. (Photo: Mathew Schwartz)

Cybersecurity Defenders: Channel Your Adversary's Mindset

Mathew J. Schwartz • December 4, 2019

A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy.

Breach Notification

Microsoft Debunks Dopplepaymer Ransomware Rumors

Latest

Cybercrime

Skimming Campaign Leveraged Heroku Cloud Platform: Report

Akshaya Asokan • December 5, 2019

Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.

3rd Party Risk Management

John Halamka on Privacy, Security of Mayo Clinic Platform

Marianne Kolbasuk McGee • December 5, 2019

In an in-depth interview, John Halamka, M.D., the former long-time CIO at Beth Israel Deaconess Medical Center in Boston, discusses his upcoming move to head Mayo Clinic's global digital health initiative in collaboration with Google - and why privacy and security are so critical to those efforts.

Endpoint Security

FBI Warns of Smart TV Dangers

Jeremy Kirk • December 4, 2019

The FBI has a new suspect in its sights, and there's one in nearly every home: smart TVs. It warns consumers to be wary because the devices can pose privacy and security threats - an unsecured smart TV could be the avenue hackers use to gain access to a home network.

Cybercrime

New Malware Campaign Uses Trojanized 'Tetris' Game: Report

Akshaya Asokan • December 3, 2019

A new malware campaign uses a Trojanized version of the game Tetris to target healthcare and educational institutions for credential stealing, according to Blackberry Cylance. Analysts have observed evidence of the threat actors attempting to deliver ransomware with the 'PyXie' Trojan.

Governance

SAP Software Update Exposed New Zealand Firearms Register

Jeremy Kirk • December 3, 2019

German software giant SAP has apologized after a software update mistakenly assigned higher-level privileges to some users within New Zealand's firearms buy-back database, exposing personal details for gun owners. The system has been shut down by police.

Black Hat

15 Hot Sessions at Black Hat Europe 2019

Mathew J. Schwartz • December 3, 2019

This year's Black Hat Europe conference in London features dozens of briefings touching on a wide variety of topics, including exploiting contactless payment and Bluetooth vulnerabilities, identifying vulnerable OEM IoT devices at scale and running false-flag cyberattacks.

Governance

TrueDialog Unsecure Database Exposes SMS Data: Report

Akshaya Asokan • December 2, 2019

Researchers uncovered an unsecured database belonging to TrueDialog, a business SMS texting solutions provider, which exposed data on millions, including text messages, names, addresses and other information, according to a report by VPNMentor researchers. The database has since been closed.

Application Security

Mixcloud Breach Affects 21 Million Accounts

Jeremy Kirk • December 2, 2019

Digital streaming platform Mixcloud says it's the victim of a data breach after an attacker shared personal data for registered users with several media outlets, including Vice and ZDNet. The data on 21 million users is for sale in an underground market.

Anti-Phishing, DMARC

Google: Government-Backed Hackers Targeted 12,000 Users

Akshaya Asokan • November 29, 2019

Google has directly warned more than 12,000 users across 149 countries that they have been targeted by government-backed hackers. Google says the attack attempts occurred in the third quarter of this year and targeted users of such services as Gmail, Drive and YouTube.

3rd Party Risk Management

Security Firm Prosegur Hit By Ryuk Ransomware

Jeremy Kirk • November 29, 2019

Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms. Prosegur isn't revealing much detail but says it is in the process of restoring services.

Encryption & Key Management

The Threat of Ransomware and Doxing

Nick Holland • November 29, 2019

The latest edition of the ISMG Security Report discusses new combination ransomware and doxing attacks. Plus, Twitter drops phone numbers in 2FA, and why we need to consider quantum cryptography today.

3rd Party Risk Management

Health Data Breaches: 3 Lessons Learned

Marianne Kolbasuk McGee • November 29, 2019

The healthcare sector has had plenty of significant data breaches so far this year. What can be learned from organizations' experiences? Here are three key lessons.