After Thefts, RBI Warns Cooperative Banks of App Risks

Geetha Nandikotkur • July 23, 2018

The Reserve Bank of India issued a notice to all cooperative banks advising them to apply caution while deploying third-party core banking applications and check for appropriate security standards. The move came after credential theft incidents at some banks. But will banks heed the advice?

Fraud Management & Cybercrime

FBI: Global Business Email Compromise Losses Hit $12.5 Billion

Latest

Endpoint Security

LabCorp Still Recovering From Ransomware Attack

Marianne Kolbasuk McGee • July 20, 2018

Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware. What can other organizations do to avoid becoming the next victim?

Endpoint Security

Bank Hackers Exploit Outdated Router to Steal $1 Million

Mathew J. Schwartz • July 20, 2018

Hackers stole at least $920,000 from Russia's PIR Bank after they successfully compromised an outdated, unsupported Cisco router at a bank branch office and used it to tunnel into the bank's local network, reports incident response firm Group-IB.

Cyberwarfare / Nation-state attacks

Trump's Views on Russian Election Meddling: A History

Nick Holland • July 20, 2018

This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.

Cyberwarfare / Nation-state attacks

How Trump Talks About Russian Hacking

Mathew J. Schwartz • July 19, 2018

President Donald Trump has stated that he believes the Russian government attempted to interfere in U.S. elections. But at times, he appears to have also suggested that the interference may be attributable to other countries instead.

Cybercrime

Greece Will Send Russian Cybercrime Suspect to France

Mathew J. Schwartz • July 19, 2018

A Greek court has ruled that Russian national Alexander Vinnik will be sent to France to face cybercrime charges. The U.S. has accused Vinnik of laundering $4 billion in bitcoins via the BTC-e exchange, which it said also handled stolen Mt. Gox and Silk Road bitcoins.

Biometrics

Facial Recognition Backlash: Technology Giants Scramble

Mathew J. Schwartz • July 18, 2018

Silicon Valley employees are increasingly calling on executives to restrict the use of facial recognition technology, mobilized in part by the U.S. government's previous policy of separating children from parents at the border. Experts say facial recognition regulations are needed - and quickly.

Cyberwarfare / Nation-state attacks

Trump's DNC 'Server' Conspiracy Rebutted

Mathew J. Schwartz • July 17, 2018

Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server. Some security experts say Trump's response was nonsense and flies in the face of good digital forensics and incident response practice.

Data Breach

Telefónica Movistar Site Exposed Customer Billing Details

Jeremy Kirk • July 17, 2018

A Spanish consumer rights organization says telecommunications company Telefónica has fixed an elementary security error in its Movistar website that potentially exposed billing invoices for millions of customers. Telefónica says it hasn't detected fraudulent use of the data.

Cyberwarfare / Nation-state attacks

10 Takeaways: Russian Election Interference Indictment

Mathew J. Schwartz • July 16, 2018

The U.S. Justice Department's indictment of 12 Russian intelligence officers for attempting to interfere in the 2016 U.S. presidential election reveals new details about attackers' tactics - and failures - including using cryptocurrencies in an attempt to hide their tracks.

Breach Notification

Timehop Reveals Additional Data Compromised by Hacker

Jeremy Kirk • July 16, 2018

Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.

Endpoint Security

Medical Devices: Addressing Vulnerabilities

Suparna Goswami • July 16, 2018

Hospitals need to improve their efforts to update the software in their medical devices to minimize vulnerability to malware, says Minatee Mishra, lead engineer, security center of excellence, at Philips Health Tech, India.

Cyberwarfare / Nation-state attacks

More Indictments in Russian Election Interference Probe

Howard Anderson • July 13, 2018

Twelve Russian intelligence officers have been indicted, as a result of Special Counsel Robert Mueller's ongoing investigation, for allegedly conspiring to interfere with the 2016 presidential election, including by hacking the Democratic National Committee.