A Single Agency for Cybersecurity: Will It Work?

Suparna Goswami • November 18, 2019

India may soon have a single authority or agency responsible for the entire spectrum of cyber defensive operations. This is a good step that was long overdue. But the real test lies in actual implementation of the plan.

Cybercrime

Why Is Third-Party Risk Management So Complex?

Latest

Governance

Compromised Website Led to Australia Parliament Hack

Jeremy Kirk • November 18, 2019

The Australian Parliament's computer network was compromised in January after politicians browsed a legitimate website that was compromised. The watering-hole style attack resulted in a small amount of non-sensitive data being revealed, according to the leader of the Senate.

Cybercrime

7 Takeaways: Insider Breach at Twitter

Mathew J. Schwartz • November 18, 2019

Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.

Fraud Management & Cybercrime

Roger Stone Found Guilty on All 7 Counts

Scott Ferguson • November 15, 2019

Roger J. Stone, Jr., a long-time associate of President Donald Trump, was found guilty Friday of lying to Congress, obstruction and witness tampering related to his efforts to feed the Trump campaign inside information about WikiLeaks in 2016. He'll be sentenced in February.

Cyberwarfare / Nation-State Attacks

Risky Dialing: Trump Call Raises Security Worries

Jeremy Kirk • November 15, 2019

A House impeachment hearing has revealed that President Donald Trump spoke by phone with a key ambassador - who was sitting in a Kiev restaurant - about "investigations." If that mobile phone call was unsecured, security experts say, foreign intelligence agencies could have intercepted it.

Cybercrime

New JavaScript Skimmer Found on Ecommerce Sites

Scott Ferguson • November 15, 2019

Security researchers at Visa have uncovered a new type of JavaScript skimmer that has infected the online checkout pages for at least 17 ecommerce websites in an effort to steal payment card data. Dubbed "Pipka," this skimmer has new capabilities to avoid detection.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Business Continuity Management / Disaster Recovery

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Akshaya Asokan • November 14, 2019

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

Governance

Researchers Describe Significant Flaw in Intel's PMx Driver

Jeffrey Burt • November 13, 2019

Researchers at Eclypsium have revealed new details concerning a significant flaw in Intel's PMx driver, which they say could give attackers "near-omnipotent" control over devices. Intel has released an updated version of the driver, a key step in mitigating risks.

Fraud Management & Cybercrime

Multilayered Security Gets Personal

Tom Field • November 13, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Governance

'Devaluing' Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

PCI Standards

Verizon: Companies Failing to Maintain PCI DSS Compliance

Nick Holland • November 12, 2019

Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings.

Artificial Intelligence & Machine Learning

UAE Forms Defense Firm to Help Tackle Cyberthreats

Geetha Nandikotkur • November 11, 2019

A new defense company has been formed in United Arab Emirates, combining three government-owned and 22 independent companies in an effort to develop technologies to help thwart cyberattacks and repel military drones.