Source: Symantec

Hackers Hit Satellite Operators and Telecoms, Symantec Says

Jeremy Kirk • June 20, 2018

Symantec says it has uncovered a cyber espionage campaign that targets telecommunications operators in Southeast Asia - as well as a defense contractor and satellite communications operator - and warns that the hacking group, dubbed Thrip, may be laying the groundwork for more destructive attacks.

Legislation

Making the Most of ISO Standards

Latest

Cybercrime

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Mathew J. Schwartz • June 19, 2018

The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A. Schulte, with providing 8,000 documents that describe the agency's offensive malware tools and practices to WikiLeaks, which published them in 2017 as the "Vault 7" archive.

Cybersecurity

Cybersecurity Insurance: How Underwriting Is Changing

Nick Holland • June 18, 2018

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.

Authentication

Analysis: Distraction Tactics Used in Banco de Chile Hack

Nick Holland • June 15, 2018

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.

Cyberwarfare / Nation-state attacks

Visual Journal: Infosecurity Europe 2018

Mathew J. Schwartz • June 14, 2018

When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.

Breach Notification

Dixons Carphone Breach: 5.9 Million Payment Cards Exposed

Mathew J. Schwartz • June 13, 2018

The U.K.'s Dixons Carphone is investigating a data breach that resulted in the suspected exposure of 5.9 million payment cards and nonfinancial information for 1.2 million customers. The incident could become the first U.K. breach to fall under the EU's General Data Protection Regulation.

Anti-Malware

Banco de Chile Loses $10 Million in SWIFT-Related Attack

Jeremy Kirk • June 13, 2018

Banco de Chile has become the latest victim of a SWIFT-related malware incident. Attackers first corrupted thousands of PCs' master boot records as a distraction. Then they used fraudulent SWIFT messages to steal $10 million.

Cybercrime

Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months

Mathew J. Schwartz • June 12, 2018

As bitcoin continues its massive price fluctuations, a new report says criminals have continued their push to get extortion and ransom payments in more stable cryptocurrencies. But bitcoins remain a top target for hackers, who most often choose to directly target cryptocurrency exchanges.

Breach Notification

PageUp Breach: Personal Data Exposed

Jeremy Kirk • June 12, 2018

PageUp, an HR software developer in Australia with clients worldwide, is warning that malware-wielding attackers may have accessed a raft of personal data stored in its systems. The breach may be the largest to have hit Australia since its mandatory data breach notification law went into effect in February.

Business Email Compromise (BEC)

74 Arrests in Business Email Compromise Takedown

Howard Anderson , Nick Holland • June 11, 2018

A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the U.S. Department of Justice announced Monday.

Cyberwarfare / Nation-state attacks

US Imposes More Russian Sanctions for Cyberattacks

Nick Holland • June 11, 2018

The U.S. Treasury Department announced Monday that it has imposed sanctions on five Russian organizations and three individuals, the latest move by the Trump administration in response to Russian cyberattacks.

Biometrics

Revamping the Approach to Aadhaar Security

Suparna Goswami • June 11, 2018

The entire approach toward Aadhaar security needs to change to address problems on the users' end, rather than focus on the UIDAI's core database, contends Na. Vijayashankar, a cyber law expert. He'll be a featured speaker at ISMG's Fraud and Breach Prevention Summit in Bengaluru.

Compliance

GDPR: UK Privacy Regulator Open to Self-Certification

Mathew J. Schwartz • June 8, 2018

One day, organizations may be able to self-certify their GDPR compliance, says an official at the U.K.'s data privacy regulator. Regardless, experts recommend that organizations ensure they are focusing on continuous GDPR compliance and regularly testing their data breach response plans.