Unsecured Server Exposed Records of 1.2 Billion: Researchers

Governance, Identity & Access Management, Incident & Breach Response

Over 4 Terabytes of Data Exposed, Including Social Media Profiles, Personal Information

Scott Ferguson (@Ferguson_Writes) • November 22, 2019

Some 4 terabytes of data on over 1.2 billion individuals – including LinkedIn and Facebook profiles – was exposed to the internet on an unsecured Elasticsearch server, according to an analysis by a pair of independent researchers.

November 23, 2019

NeverQuest Banking Trojan Co-Creator Sentenced to 4 Years

Account Takeover, Cybercrime, Fraud Management & Cybercrime

Stanislov Lisov of Russia Pleaded Guilty to Federal Hacking Charge

Akshaya Asokan (asokan_akshaya) • November 22, 2019

Stanislov Lisov, a Russian hacker who helped create the NeverQuest banking Trojan, which was capable of extracting millions of dollars from victims’ financial accounts, has been sentenced to four years in federal prison.

November 22, 2019

Ransomware Attackers Leak Stolen Data

Business Continuity Management / Disaster Recovery, Cybercrime, Fraud Management & Cybercrime

Maze Crew Reportedly Threatens to Release More of Allied Universal’s Data Unless Ransom Paid

Mathew J. Schwartz (euroinfosec) • November 22, 2019

Maze ransomware logo (Source: @JAMESWT_MHT)

Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim’s files to create pressure to pay a ransom.

November 22, 2019

Analysis: The Latest Ransomware Trends

This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. In this report, you’ll hear:

ISMG’s Mathew Schwartz discuss researchers’ findings on ransomware trends plus a related announcement from Microsoft;
ISMG’s Jeremy Kirk explain Microsoft’s move to DNS over HTTPS;
Sean Peasley of Deloitte on playing catch-up on IoT security.

The ISMG Security Report appears on this…

November 22, 2019

Twitter No Longer Wants a Phone Number for 2FA

Account Takeover, Cybercrime, Finance & Banking

Change Means Increased Privacy and Security for Users

Jeremy Kirk (jeremy_kirk) • November 22, 2019

Twitter users no longer have to supply a phone number to use two-step verification for authentication. The move, announced Thursday, will help better protect accounts that may be targeted by so-called SIM swapping…

November 22, 2019

Multifactor Authentication 2020: Faster and More Effective

Multifactor authentication is gaining traction – but it also is causing additional user friction when deployed poorly. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies discuss how best to deploy and administer MFA.

No matter whose research you cite, a startlingly high percentage of recent breaches are the result of stolen or weak credentials. Yet, enterprises still struggle to take advantage of multifactor authentication. Nachreiner, CTO at WatchGuard, chalks that…

November 22, 2019

Target Sues Insurer Over 2013 Data Breach Costs

Lawsuit Claims Insurer Owes Retailer for Coverage of Card Replacement Costs

Scott Ferguson (@Ferguson_Writes) • November 21, 2019

Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer’s massive 2013 data breach.

November 22, 2019

Federal Reserve Report Raises Concerns About ‘Stablecoins’

Blockchain & Cryptocurrency, Cybercrime, Fraud Management & Cybercrime

Fed Warns These Cryptocurrencies Could Be Used for Money Laundering, Terrorism Financing

Akshaya Asokan (asokan_akshaya), Scott Ferguson (@Ferguson_Writes) • November 21, 2019

The U.S. Federal Reserve is warning that the increasing use of cryptocurrencies known as “stablecoins,” without proper safeguards and regulations, could pave the way for crime, including money laundering and terrorism financing.

November 21, 2019

Microsoft Debunks Dopplepaymer Ransomware Rumors

Business Continuity Management / Disaster Recovery, Fraud Management & Cybercrime, Governance

Infections Spread Not Via Microsoft Teams, But By Stolen Active Domain Credentials

Mathew J. Schwartz (euroinfosec) • November 21, 2019

Microsoft Teams won’t give you a ransomware infection, but Active Directory can. (Source: Microsoft)

For workers who prefer that their chat-based workspaces not be used as ransomware-distribution vectors, worry not. But for anyone responsible for…

November 21, 2019

PayMyTab Exposes Restaurant Customer Data: Report

Application Security, Governance, IT Risk Management

Researchers Say Company Left Customer Data Unsecured in AWS S3 Bucket

Akshaya Asokan (asokan_akshaya) • November 20, 2019

An unsecure database belonging to PayMyTab, a company that provides U.S. restaurants with mobile payment apps and devices, left payment card and other customer data exposed, according to a new report from two independent security researchers. The unsecured Amazon Web Services database…

November 20, 2019