After 2 Years, WannaCry Remains a Threat

Scott Ferguson • May 17, 2019

Two years after WannaCry tore a path of destruction through the world, the ransomware remains a danger, with many systems still vulnerable to the EternalBlue or EternalRomance exploits that started it all.

Governance

WhatsApp Exploit Reveals 'Legalized Hacking' at Work

Latest

Governance

Researchers: Aircraft Landing Systems Vulnerable

Jeremy Kirk • May 17, 2019

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.

Governance

WhatsApp's Spyware Problem

Nick Holland • May 17, 2019

The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.

Breach Preparedness

Trump Signs Executive Order That Could Ban Huawei

Jeremy Kirk • May 16, 2019

U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.

Governance

To Prevent Another WannaCry, Microsoft Patches Old OSs

Jeremy Kirk • May 15, 2019

Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.

Cybercrime

Hack of Japanese Retailer Exposes 460,000 Customer Accounts

Scott Ferguson • May 15, 2019

Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.

Governance

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter

Jeremy Kirk • May 14, 2019

Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.

Authentication

Anthem Cyberattack Indictment Provides Defense Lessons

Marianne Kolbasuk McGee • May 13, 2019

The indictment of two Chinese men for a 2014 cyberattack on health insurer Anthem that compromised information on nearly 80 million individuals contains extensive details about the incident that security professionals can use to help with their breach prevention strategies.

Business Email Compromise (BEC)

Nigerian BEC Scammers Use Malware to Up the Ante

Scott Ferguson • May 13, 2019

A growing area of concern for security researchers is a new crop of business email compromise schemes originating from Nigeria, with scammers upping their game by using new malware. The biggest of the crime gangs is SilverTerrier, according to Palo Alto Network's Unit 42.

Data Breach

Equifax's Data Breach Costs Hit $1.4 Billion

Mathew J. Schwartz • May 13, 2019

Equifax has reported a loss in its latest quarter due to ongoing incident response, legal, investigative and corporate information security overhaul costs resulting from its 2017 data breach. The credit reporting giant says that so far, it's spent $1.4 billion as a result of the massive breach.

Anti-Malware

Feds Warn of 'Electricfish' Malware Linked to North Korea

Scott Ferguson • May 10, 2019

The FBI and the Department of Homeland Security have issued a joint warning about new malware called "Electricfish." Investigators suspect it was developed by the advanced persistent threat group Hidden Cobra, which has been linked to North Korea.

Cybercrime

Chinese Men Charged With Hacking Health Insurer Anthem

Jeremy Kirk • May 10, 2019

Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies.

Anti-Malware

Symantec CEO Exits as Company Misses Earnings Forecast

Mathew J. Schwartz • May 10, 2019

In a surprise turn of events, Symantec's CEO, Greg Clark, resigned on Thursday, the same day that the company reported that it had missed earnings estimates. The value of the anti-virus company's stock dropped almost 13 percent on Friday.