Latest

Business Continuity Management / Disaster Recovery

iNSYNQ Continues Recovery From MegaCortex Ransomware Attack

Akshaya Asokan  •  July 23, 2019

A week after a ransomware attack locked up customer files and data at online cloud hosting provider iNSYNQ, the company is continuing to recover and restore its internal infrastructure. It remains unclear how much longer this process will take, the company acknowledges.

Consumer Advocates Criticize Equifax Settlement Plan

Mathew J. Schwartz  •  July 23, 2019

Equifax's move to settle federal and 48 states' probes, as well as class action lawsuits, would see breach victims being able to claim up to $20,000 for unreimbursed expenses. But some consumer advocates and government officials say the proposed deal is insufficient, given the magnitude of Equifax's failures.

Cyberwarfare / Nation-state attacks

Recent DNS Hijacking Campaigns Trigger Government Action

Scott Ferguson  •  July 22, 2019

A recent spate of attacks targeting domain name system protocols and registrars, including several incidents that researchers believe have ties to nation-state espionage, is prompting the U.S. and U.K. governments to issues warnings and policy updates to improve security.

Incident & Breach Response

Ex-NSA Contractor Harold Martin Hit With 9-Year Sentence

Akshaya Asokan  •  July 22, 2019

Former government contractor Harold Thomas Martin III has been sentenced to serve nine years in federal prison after he pleaded guilty to stealing and retaining classified and secret files and data from U.S. government agencies, including the National Security Agency and CIA.

Cybercrime

Equifax Negotiates Potential $700 Million Breach Settlement

Mathew J. Schwartz  •  July 22, 2019

Credit reporting giant Equifax has negotiated a proposed settlement that could reach $700 million to resolve federal and state probes into its massive 2017 data breach, as well as a nationwide class action lawsuit. The company's total post-breach tab is likely to exceed $2 billion.

Fraud Management & Cybercrime

Ireland Assessing Minors' Profiles on Instagram

Jeremy Kirk  •  July 22, 2019

Ireland's Data Protection Commission says it is "assessing" a report concerning minors who have business profiles on Instagram that may expose email addresses and phone numbers. As many as 5 million kids worldwide have business accounts, but often they have no discernible link to a real business.

Governance

2.3 Billion Files Exposed Online: The Root Causes

Marianne Kolbasuk McGee  •  July 22, 2019

Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide that contain personal information, including sensitive medical data, says Harrison Van Riper, a security researcher at Digital Shadows.

Endpoint Security

Researchers Trick Cylance Into Giving Malware a Pass

Jeremy Kirk  •  July 19, 2019

An Australian cybersecurity company says it tricked BlackBerry's Cylance Protect anti-virus product into believing that some of the most pernicious types of malware, including WannaCry and the SamSam ransomware, were benign programs.

Governance

Security Solutions Planning: Right-Sizing Your Stack

Varun Haran  •  July 19, 2019

Planning your security programs to incorporate the right digital context - the IT environment, the business processes and the risks - is essential for success, says Avinash Prasad, vice president and head of the managed services business at Tata Communications.

Application Security

Tesla Vulnerability: A Bounty Hunter's Tale

Nick Holland  •  July 19, 2019

The latest edition of the ISMG Security Report describes the accidental discovery of a Tesla software vulnerability. Also featured: an analysis of the latest ransomware trends and insights from former federal advisers Richard Clarke and Robert Knake on cyber resilience.

3rd Party Risk Management

Huawei Question Must Be Answered by New UK Prime Minister

Mathew J. Schwartz  •  July 19, 2019

A powerful parliamentary committee has called on Britain's new prime minister - be it Boris Johnson or Jeremy Hunt - to make a decision "as a matter of priority" about the extent to which telecommunications gear built by Huawei should be used in the nation's 5G network.

Phishing Scheme Targets Amex Cardholders

Akshaya Asokan  •  July 18, 2019

Researchers have uncovered a new type of phishing campaign that is targeting American Express card users. In these incidents, attackers are sending a hyperlink as part of a phony account update to access the victim's credentials and other account details, according to researchers at the security firm Cofense.