Buyer beware: A new study shows used USBs offered for sale on eBay and elsewhere may contain a wealth of personal information that could potentially be used for identity theft, phishing attacks and other cybercrimes.
Some 96 percent of all compromised payment cards have been issued by U.S. banks, reflecting not only the prevalence of credit cards held by Americans, but the relative ease with which they can be used for fraud, says Liv Rowley, a threat intelligence analyst at Blueliv.
As fraud has shifted over the past decade from basic account takeover to synthetic identities and new account fraud, so has the field of identity protection evolved. Tom Thimot and George Tubin of Socure say they are here to disrupt the industry.
Although organizations need to worry about phishing, malware and other inbound threats, they also must be aware that social media accounts pose an increasing risk - and they need to be monitored and locked down, says Otavio Freire of SafeGuard Cyber.
A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.
What if organizations' information security practices have gotten so good that they're finally repelling cybercriminals and nation-state attackers alike? Unfortunately, the five biggest corporate breaches of the past five years - including Yahoo, Marriott and Equifax - suggest otherwise.
Cryptocurrency exchanges are seeing fraudsters submit doctored photos in an attempt to reset two-step verification on accounts. The ruse appears to have some degree of success, underscoring the difficulties around verifying identity on the internet.
Recent data leaks, including the SBI incident that affected millions of customers, have once again stirred up a debate on the role of auditors in cybersecurity. But a bigger issue is the need to invest in appropriate security technologies and implement stronger policies and awareness programs.
A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. Such attacks involve unauthorized tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.
Police in Germany say a 20-year-old student has confessed to stealing and leaking personal details from 1,000 German politicians, celebrities and journalists, allegedly after bragging about the crime. More advanced attackers rarely make so much noise.
In the wake of Equifax and other major breaches, sophisticated fraudsters are finding success as never before. Al Pascual of Javelin Strategy and Research discusses how identity impersonation is manifesting.
Account takeover is a rapidly growing arena for cybercriminals. How can organizations strengthen both authentication and authorization? Scott Olson of iovation, a TransUnion Company shares his insights.