Cybercrime: 15 Top Threats and Trends

Mathew J. Schwartz • September 19, 2018

Criminals operating online continue to target cryptocurrencies, leverage phishing and other social engineering attacks, as well as tweak age-old scams - including Nigerian prince emails - for the modern age. So warns Europol in its latest Internet Organized Crime Threat Assessment.

Cloud Access Security Brokers (CASB)

Postmortem: Multiple Failures Behind the Equifax Breach

Latest

Data Breach

'Magecart' Card-Sniffing Gang Cracks Newegg

Jeremy Kirk • September 20, 2018

Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month. Security firms have traced the heist to Magecart, a loose affiliation of cybercrime gangs also tied to payment card data breaches at British Airways and Ticketmaster.

Breach Preparedness

Perth Mint Says 3,200 Customers Affected By Data Breach

Jeremy Kirk • September 19, 2018

If you're going to hack, why not go for the gold? That appears to have been the impetus behind an unusual data breach at the government-owned Perth Mint in Western Australia, which says personal details for 3,200 customers stored in an old database were compromised.

Breach Preparedness

New Hacker Exploits and How to Fight Them

Nick Holland • September 19, 2018

Hackers are constantly developing new exploits, and updating defenses is not an easy task. Dan Larson of Crowdstrike discusses some the new techniques hackers are using and how to fight them off.

Fraud

The Need for Security Collaboration

Nick Holland • September 19, 2018

Today's cybercriminals don't operate in silos, so why do companies? Saba Shariff of Symcor discusses techniques for greater collaboration on security.

General Data Protection Regulation (GDPR)

GDPR: The Global Impact on Privacy

Nick Holland • September 19, 2018

Richard Henderson of Infosec Global discusses the impact of the European Union's General Data Protection Regulation and how the law is influencing privacy frameworks globally.

Application Security

Managing Open Source Risks

Nick Holland • September 19, 2018

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.

General Data Protection Regulation (GDPR)

GDPR Compliance: Common Misconceptions

Marianne Kolbasuk McGee • September 19, 2018

Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data.

Breach Response

Yahoo's Mega-Breaches: Altaba Moves to Settle Lawsuits

Mathew J. Schwartz • September 18, 2018

Lawsuits sparked by massive data breaches at Yahoo - and the company's failure to report those breaches to investors in a timely manner - could soon be resolved. Plaintiffs and defendants say they have committed to a $47 million deal that they expect to submit for court approval within 45 days.

Cybercrime

Why Cybercrime Remains Impossible to Eradicate

Mathew J. Schwartz • September 18, 2018

More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.

Cybercrime

Police in Europe Tie Card Fraud to People-Smuggling Gang

Mathew J. Schwartz • September 17, 2018

Coordinated police raids in Germany and Sweden have resulted in the arrest of two Syrian nationals suspected of running a cyber fraud operation that purchased stolen card data to book hundreds of airline and train tickets to help smuggle people from the Middle East into Europe.

Endpoint Security

Wielding EternalBlue, Hackers Hit Major US Business

Jeremy Kirk • September 17, 2018

Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.

Encryption & Key Management

Intel Patches Firmware Flaw That Leaks ME Encryption Keys

Jeremy Kirk • September 14, 2018

Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.