Hong Kong Unveils Cybersecurity Guidelines for Insurers

Geetha Nandikotkur • July 15, 2019

The Insurance Authority of Hong Kong has issued cybersecurity guidelines - including data breach reporting requirements - with a compliance deadline of January 2020. What else is now required?

Critical Infrastructure Security

British Airways Faces Record-Setting $230 Million GDPR Fine

Latest

Endpoint Security

Broadcom Reportedly Suspends Bid for Symantec

Scott Ferguson • July 15, 2019

Broadcom has reportedly suspended its effort to acquire Symantec after the two companies failed to agree on a price for the deal. The negotiations had been ongoing for several weeks.

Cybercrime

'Sea Turtle' DNS Hijackers Expand Reach

Jeffrey Burt • July 15, 2019

The group behind the Sea Turtle espionage campaign that was exposed in April is expanding its geographic reach and claiming new victims, according to researchers with Cisco's Talos unit.

Account Takeover

Payment Fraud: Criminals Enroll Stolen Cards on Apple Pay

Mathew J. Schwartz • July 15, 2019

Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.

Cybercrime

Phishing Campaign Tied to Amazon Prime Day

Akshaya Asokan • July 15, 2019

In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users.

3rd Party Risk Management

FTC Reportedly Approves $5 Billion Facebook Fine

Scott Ferguson • July 12, 2019

After a long privacy investigation, the U.S. Federal Trade Commission voted to levy a $5 billion fine against Facebook, according to the Washington Post and the Wall Street Journal.

Security Operations

The Future SOC: Harmonizing Detection and Response

Jeremy Kirk • July 12, 2019

The success of security operations centers will depend on how well they blend key technologies - including detection, user behavior analytics and orchestration, says Haiyan Song of Splunk, who offers strategic insights.

Active Defense & Deception

Analysis: The Significance of GDPR Fines

Nick Holland • July 12, 2019

The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.

3rd Party Risk Management

Battling Supply Chain Security Risks

Marianne Kolbasuk McGee • July 12, 2019

Incidents involving supply chain vendors pose increasingly significant risks to health data, says Rick McElroy of Carbon Black, who addresses "island hopping" and other emerging threats.

Fraud Management & Cybercrime

Report: Ransomware Targets QNAP Storage Devices

Akshaya Asokan • July 11, 2019

A new ransomware strain called eCh0raix is targeting enterprise storage devices sold by QNAP Network by exploiting vulnerabilities in the gear and bypassing weak credentials using brute-force techniques, warns security firm Anomali.

Cybercrime

RiskIQ: Magecart Group Targeting Unsecured AWS S3 Buckets

Scott Ferguson • July 11, 2019

A cybercriminal gang associated with the umbrella organization known as Magecart has been inserting malicious JavaScript into unsecured Amazon Web Service S3 buckets to skim payment card data, according to research published by RiskIQ. So far, 17,000 infected domains have been identified.

Endpoint Security

Apple Issues Silent Update to Remove Old Zoom Software

Jeremy Kirk • July 11, 2019

Apple has taken an extraordinary move to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. It released a silent update to remove a vulnerable left-behind local web server, which likely has a remote code execution flaw.

Endpoint Security

Cybersecurity Firm McAfee Preps for Public Market Return

Mathew J. Schwartz • July 11, 2019

Cybersecurity firm McAfee is reportedly planning a return to the public market, eyeing an IPO that could happen as early as later this year, raise $1 billion and value the company at $5 billion, The Wall Street Journal reports. The news comes amid a record volume of technology sector IPOs, including for Crowdstrike.