Latest

Business Email Compromise (BEC)

BEC Scam Costs Trading Firm Virtu Financial $6.9 Million

Doug Olenick  •  August 11, 2020

High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.

►

Fraud Management & Cybercrime

Using DNS Data for Cybercrime Intelligence

Jeremy Kirk  •  August 11, 2020

The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.

►

Account Takeover

Fighting Fraud: Understanding Threat Actors' Techniques

Suparna Goswami  •  August 11, 2020

The fight against fraud requires more than using the right technologies; it requires understanding threat actors' techniques, says Robert Villanueva of Q6 Cyber.

COVID-19

Kaspersky: DDoS Attacks Spike During COVID-19 Pandemic

Prajeet Nair  •  August 11, 2020

Researchers at the security firm Kaspersky say distributed denial-of-service attacks increased dramatically in the second quarter, most likely as a result of the shift to a remote workforce because of the COVID-19 pandemic.

COVID-19

Barclays Faces Employee Spying Probe

Mathew J. Schwartz  •  August 10, 2020

The UK's privacy watchdog is probing banking giant Barclays over its use of employee monitoring tools after the bank in February reportedly shifted from anonymized tracking to giving managers the ability to view data for individual employees.

Cyberwarfare / Nation-State Attacks

The Debate Over Trump 'Ban' of TikTok, WeChat

Doug Olenick  •  August 7, 2020

President Donald Trump's executive order banning the Chinese-owned TikTok and WeChat apps could prove to be unenforceable, some privacy and security specialists say. But some Republican lawmakers hailed the move, citing the national security risks posed by the apps.

Cloud Security

Capital One Fined $80 Million Over 2019 Breach

Chinmay Rautmare  •  August 7, 2020

A federal banking regulator has fined Capital One $80 million, citing numerous security shortfalls before the 2019 data breach that exposed the financial and personal information of over 100 million individuals in the U.S. and Canada.

►

Application Security

Managing API Security

Suparna Goswami  •  August 7, 2020

Because APIs are an attractive target for hackers, organizations need to make API security a higher priority, says Aseem Ahmed of Akamai Technologies.

Cyberwarfare / Nation-State Attacks

Trump Signs Executive Orders Banning TikTok, WeChat

Prajeet Nair  •  August 7, 2020

President Donald Trump, citing national security concerns, has signed two executive orders that will ban the Chinese-owned social media platforms TikTok and WeChat from the U.S. within 45 days. The orders appear designed to accelerate the sale of the two platforms to American firms.

3rd Party Risk Management

Intel Investigating Possible Leak of Internal Data

Prajeet Nair  •  August 7, 2020

Chip giant Intel is investigating what led to the posting of 20 GB of internal company data - including what appears to be confidential corporate information - to the MEGA cloud storage and file sharing platform.

Application Security

Analysis: Hijacking of Twitter Hacker's Virtual Hearing

Anna Delaney  •  August 7, 2020

The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.

Cybercrime

Exploring the Forgotten Roots of 'Cyber'

Mathew J. Schwartz  •  August 7, 2020

One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?