The European Parliament building in Strasbourg, France. (Photo: Octavio Espinosa Campodonico, via Wikimedia Commons)

GDPR: An Opportunity for Better Threat Intelligence Sharing

Jeremy Kirk • June 22, 2018

Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.

Data Loss

Dixons Carphone Breach: 5.9 Million Payment Cards Exposed

Latest

General Data Protection Regulation (GDPR)

Why Data Classification Has Gone Mainstream

Mathew J. Schwartz • June 22, 2018

Driven by the EU's General Data Protection Regulation and other regulations, as well as the move to the cloud, more organizations are turning to data classification to help them silo and protect their most sensitive information, says Tony Pepper, CEO of Egress.

Anti-Fraud

Preview: ISMG's Fraud and Breach Prevention Summit in Chicago

Nick Holland • June 22, 2018

Leading the latest edition of the ISMG Security Report: A preview of next week's Fraud and Breach Summit in Chicago, which will feature keynoter Brett Johnson, a former cybercriminal who now advises organizations on fighting crime.

Data Breach

Phishing Defense: Block OAuth Token Attacks

Jeremy Kirk • June 21, 2018

Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.

Fraud Management & Cybercrime

Ransomware: No Longer Sexy, But Still Devastating

Mathew J. Schwartz • June 21, 2018

We need to talk about ransomware, says James Lyne, global research adviser at Sophos: "It's not the big, sexy security topic that it once was, but there's some really interesting evolution in their tactics." Lyne rounds up the latest tactics and describes how machine learning is offering new defensive hope.

Authentication

Credential Stuffing Attacks: How to Combat Reused Passwords

Mathew J. Schwartz • June 20, 2018

For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.

Cybercrime

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Mathew J. Schwartz • June 19, 2018

The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A. Schulte, with providing 8,000 documents that describe the agency's offensive malware tools and practices to WikiLeaks, which published them in 2017 as the "Vault 7" archive.

Breach Notification

PageUp: No Sign of Data Exfiltration

Jeremy Kirk • June 19, 2018

Human resources software developer PageUp says it doesn't appear that personal data exposed in a malware attack was actually removed from its systems. But it has also found authentication error logs that recorded incorrect login attempts from before 2007.

Data Breach

Data Breach Trends: Attackers' Dwell Time Decreases, Mostly

Mathew J. Schwartz • June 18, 2018

There's data breach good news and bad news for organizations in Europe, the Middle East and Africa, says Mike Trevett of FireEye's Mandiant. In general, attackers are dwelling in networks for less time before being discovered, except for some particularly long-lasting breaches in EMEA.

Cybersecurity

Cybersecurity Insurance: How Underwriting Is Changing

Nick Holland • June 18, 2018

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.

Breach Notification

PageUp Breach: Job Winners Hit Hardest

Jeremy Kirk • June 15, 2018

Nearly three weeks after human resources software vendor PageUp discovered malware on its system, the tally of what data was exposed remains unclear, although successful job applicants appear to have been hardest hit.

Authentication

Analysis: Distraction Tactics Used in Banco de Chile Hack

Nick Holland • June 15, 2018

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.

Anti-Malware

Banco de Chile Loses $10 Million in SWIFT-Related Attack

Jeremy Kirk • June 13, 2018

Banco de Chile has become the latest victim of a SWIFT-related malware incident. Attackers first corrupted thousands of PCs' master boot records as a distraction. Then they used fraudulent SWIFT messages to steal $10 million.