Facebook's latest information exposure alert affects up to 6.8 million users.

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Mathew J. Schwartz • December 17, 2018

Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8 million users' private photos may have been revealed to 1,500 apps built by 876 developers.

Cyberwarfare / Nation-state attacks

Eastern European Bank Hackers Wield Malicious Hardware

Latest

Breach Response

Breach Response: When to Involve the Board and PR

Tom Field • December 14, 2018

In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures. Attorney Mark Rasch offers insights for preparing and practicing response plans.

Artificial Intelligence & Machine Learning

How to Maximize Data Used to Fight Fraud

Tom Field • December 14, 2018

The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning.

Fraud Management & Cybercrime

Mitigating Identity Deception

Tom Field • December 14, 2018

The fraudsters have more tools and information than ever at their disposal to pull off socially engineered schemes. But how can the victims turn the tables? Agari's Andrew Coyle discusses new tools and strategies to improve defenses.

Breach Response

Did China Hack Marriott, Or Is This Fake News?

Nick Holland • December 14, 2018

The latest edition of the ISMG Security Report features an analysis of the validity of reports that China is behind the massive Marriott data breach. Also: Fascinating details in a Congressional report on the Equifax breach, and a clear explanation of "self-sovereign identity."

Breach Response

After Mega-Breach, Marriott May Pay for New Passports

Jeremy Kirk • December 10, 2018

Victims of the massive Marriott International data breach, which exposed data for 500 million customers, including some passport numbers, may be able to claim reimbursement for the cost of obtaining a replacement passport, provided they can prove it led to fraud.

Artificial Intelligence & Machine Learning

A CISO's View on Analytics in Healthcare Security

Tom Field • December 10, 2018

The marketers would have us believe that machine learning and behavioral analytics are the keys to unlocking the future of healthcare information security. But Vikrant Arora, CISO of the Hospital for Special Surgery in New York, offers a more practical outlook.

Anti-Fraud

Face Off: Researchers Battle AI-Generated Deep Fake Videos

Mathew J. Schwartz • December 7, 2018

The easy availability of tools for designing face-swapping deep-fake videos drove Symantec security researchers Vijay Thaware and Niranjan Agnihotri to design a tool for spotting deep fakes, which they described in a briefing at the Black Hat Europe 2018 conference in London.

Cybercrime

Australia Passes Encryption-Busting Law

Jeremy Kirk • December 7, 2018

Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.

Cybercrime

GOP Hacking Incident: What Happened?

Nick Holland • December 7, 2018

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

3rd Party Risk Management

Emails Expose Sensitive Internal Facebook Discussions

Jeremy Kirk • December 6, 2018

A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Compliance

Legal and Compliance: 3 Questions for CISOs

Tom Field • December 6, 2018

What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.

General Data Protection Regulation (GDPR)

GDPR and You: What's Changed?

Tom Field • December 6, 2018

Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.