Are Companies Adhering to CCPA Requirements?

Suparna Goswami • January 28, 2020

Many companies that should be offering customers the ability to "opt out" of the sale of their information under the California Consumer Privacy Act are failing to do so because of the law's ambiguities, some legal experts say. CCPA went into effect Jan. 1, but it won't be enforced until July.

Cybercrime

Mitsubishi Electric Blames Anti-Virus Bug for Data Breach

Latest

Application Security

Dave DeWalt on Securing Business-Critical Applications

Tom Field • January 27, 2020

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications. In this exclusive interview, DeWalt opens up on application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020.

Cybercrime

Stolen Payment Card Trafficking Mastermind Pleads Guilty

Scott Ferguson • January 24, 2020

Aleksey Burkov, who was extradited from Israel to the U.S. in November, plead guilty this week to several federal charges related to his site "Cardplanet," which trafficked in stolen payment card data.

Cybercrime

Hackers Target European Energy Firm: Researchers

Scott Ferguson • January 24, 2020

Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future.

Cyberwarfare / Nation-State Attacks

Analysis: New Details on the Hacking of Jeff Bezos' iPhone

Nick Holland • January 24, 2020

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer service records; a hacker's take on key areas of cyber hygiene.

Anti-Phishing, DMARC

Emotet Malware Alert Sounded by US Cybersecurity Agency

Mathew J. Schwartz • January 23, 2020

Emotet malware alert: The U.S. Cybersecurity and Infrastructure Security Agency says it's been "tracking a spike" in targeted Emotet malware attacks. It urges all organizations to immediately put in place defenses to not just avoid infection, but also detect lateral movement in their networks by hackers.

Cybercrime

Investigators: Saudis Hacked Amazon CEO Jeff Bezos' Phone

Mathew J. Schwartz • January 22, 2020

The mobile phone of Amazon CEO Jeff Bezos was hacked via a malicious file sent directly from the official WhatsApp account of Saudi Arabia's Crown Prince Mohammed Bin Salman, investigators have concluded. While the Saudis deny involvement, the United Nations has called for an immediate investigation.

Encryption & Key Management

Report: Apple Scuttled Encryption Plans for iCloud Backups

Jeremy Kirk • January 22, 2020

Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations. But the apparent olive branch hasn't caused the U.S. government to stop vilifying strong encryption and the technology giants that provide it.

Cyberwarfare / Nation-State Attacks

BT and Vodafone Reportedly Want Huawei 5G Gear

Mathew J. Schwartz • January 22, 2020

Britain's two largest telecommunications firms - BT and Vodafone - plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout, warning that doing so could delay their rollouts, the Guardian reports.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson • January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Artificial Intelligence & Machine Learning

Google CEO Backs EU's Proposed Facial Recognition Ban

Ishita Chigilli Palli • January 21, 2020

Alphabet and Google CEO Sundar Pichai is supporting an EU proposal for a temporary ban on the use facial recognition technology in public areas and is calling for government regulation of artificial intelligence.

Governance

Citrix Releases First Patches to Fix Severe Vulnerability

Scott Ferguson • January 20, 2020

Citrix has released the first of several patches that address a vulnerability in its Application Delivery Controller and Gateway products that was discovered by researchers in December. If left unpatched, the vulnerability is remotely exploitable and could allow access to applications and internal networks.

Anti-Money Laundering (AML)

How Cybercriminals Are Converting Cryptocurrency to Cash

Ishita Chigilli Palli • January 20, 2020

Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according to a report by Chainalysis.