'ShadowHammer' Spreads Across Online Gaming Supply Chain

Scott Ferguson • April 24, 2019

A sophisticated supply-chain attack dubbed Operation ShadowHammer is becoming more pervasive, with the group targeting online gamers, security researchers at Kaspersky Lab warn.

Audit

'Sea Turtle' DNS Hijacking Group Conducts Espionage: Report

Latest

ATM Fraud

'Silence' Cybercrime Gang Targets Banks in More Regions

Scott Ferguson • April 23, 2019

Known for targeting banks and ATMs in Russia and other Eastern European countries, the "Silence" gang apparently is now expanding into other regions, using a combination of custom malicious tools and "living-off-the-land" techniques, researchers report.

Application Security

Facebook Marketplace Flaw Revealed Seller's Exact Location

Mathew J. Schwartz • April 23, 2019

Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.

Anti-Fraud

The FBI's RAT: Blocking Fraudulent Wire Transfers

Jeremy Kirk • April 23, 2019

Fraud, e-hustles and social engineering attacks continues to proliferate, the FBI's latest report into the state of internet crime confirms. But over the past year, a new FBI tactic for quickly stopping fraudulent wire transfers has notched notable successes.

Governance

Regulator to Facebook: Move Fast But Stop Breaking Things

Mathew J. Schwartz • April 22, 2019

"Move fast and break things," Facebook CEO Mark Zuckerberg once said of his company's internal motto. But regulators have been increasingly signaling to Facebook that when it comes to users' privacy and data security, too much remains broken.

Cyberwarfare / Nation-state attacks

Mueller Report: With Russian Hacking Laid Bare, What Next?

Mathew J. Schwartz • April 19, 2019

Robert Mueller's report into Russian interference clearly states: "The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion." In the wake of the Trump administration lifting some Russian sanctions, one expert says it must take the opposite tack.

Cybercrime

Leak Exposes OilRig APT Group's Tools

Scott Ferguson • April 19, 2019

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say.

Cybercrime

Not So 'Smart' - Child Tech Has Hackable Flaws

Mathew J. Schwartz • April 19, 2019

A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.

Cybersecurity

Released: Redacted Mueller Report on Russian Interference

Mathew J. Schwartz • April 18, 2019

The U.S. Department of Justice on Thursday released a redacted version of a confidential report prepared for the U.S. attorney general by Special Counsel Robert Mueller, summarizing his two-year investigation into Russian election interference and whether President Donald Trump obstructed the probe.

Next-Generation Technologies & Secure Development

Evolving to Next-Generation Security Orchestration and Visibility

Varun Haran • April 17, 2019

Because traditional tools are not helping in detecting threats or reducing noise, the need of the hour is a unified threat dashboard, says Vishak Raman, director of security business for India and SAARC at Cisco.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

DDoS

Ecuador Hit With 'Cyberattacks' After Assange's Arrest

Scott Ferguson • April 17, 2019

The government of Ecuador has been hit with millions of "cyberattacks" following its withdrawal of asylum protection for WikiLeaks founder Julian Assange and his arrest by British police last week, an Ecuadorian official says.

Data Breach

Wipro Detects Phishing Attack: Investigation in Progress

Suparna Goswami • April 16, 2019

Indian IT service firm Wipro on Tuesday said that it has detected abnormal activities on some of its employee accounts due to an advanced phishing campaign. An investigation is continuing, the company confirms.