Amazon CEO Jeff Bezos

Investigators: Saudis Hacked Amazon CEO Jeff Bezos' Phone

Mathew J. Schwartz • January 22, 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked via a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have concluded. While the Saudis deny involvement, the United Nations has called for an immediate investigation.

Critical Infrastructure Security

RBI OKs Video-based Authentication. But Will Banks Use It?

Latest

Encryption & Key Management

Report: Apple Scuttled Encryption Plans for iCloud Backups

Jeremy Kirk • January 22, 2020

Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.

Cyberwarfare / Nation-State Attacks

BT and Vodafone Reportedly Want Huawei 5G Gear

Mathew J. Schwartz • January 22, 2020

Britain's two largest telecommunications firms - BT and Vodafone - plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout, warning that doing so could delay their rollouts, the Guardian reports.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson • January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Breach Notification

GDPR: $126 Million in Fines and Counting

Mathew J. Schwartz • January 21, 2020

Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.

Artificial Intelligence & Machine Learning

Google CEO Backs EU's Proposed Facial Recognition Ban

Ishita Chigilli Palli • January 21, 2020

Alphabet and Google CEO Sundar Pichai is supporting an EU proposal for a temporary ban on the use facial recognition technology in public areas and is calling for government regulation of artificial intelligence.

Anti-Money Laundering (AML)

How Cybercriminals Are Converting Cryptocurrency to Cash

Ishita Chigilli Palli • January 20, 2020

Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according a report by Chainalysis.

Active Defense & Deception

Sizing Up Today's Deception Technology

Nick Holland • January 20, 2020

Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.

Cybercrime

'WeLeakInfo' Website Shut Down

Scott Ferguson • January 17, 2020

Law enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.

Business Email Compromise (BEC)

BEC Fraudsters Targeting Financial Documents: Report

Scott Ferguson • January 17, 2020

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari.

3rd Party Risk Management

Aussie Bank Says Server Upgrade Led to Data Breach

Jeremy Kirk • January 17, 2020

P&N Bank in Perth, Australia, says a server upgrade gone wrong led to the breach of sensitive personal information in its customer relationship management system. The incident is another example how organizations can be imperilled by mistakes on the part of their suppliers.

Active Defense & Deception

Analysis: Huawei 5G Dilemma

Nick Holland • January 17, 2020

The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.

Governance

Windows Vulnerability: Researchers Demonstrate Exploits

Scott Ferguson • January 16, 2020

A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.