"As AI advances, it's important to balance public safety with our democratic freedoms," says Microsoft President Brad Smith. (Photo: Mathew Schwartz)

Facial Recognition Backlash: Technology Giants Scramble

Mathew J. Schwartz • July 18, 2018

Silicon Valley employees are increasingly calling on executives to restrict the use of facial recognition technology, mobilized in part by the U.S. government's previous policy of separating children from parents at the border. Experts say facial recognition regulations are needed - and quickly.

Breach Response

'Time for US Cyber Command to Take the Gloves Off'

Latest

Breach Notification

Timehop Reveals Additional Data Compromised by Hacker

Jeremy Kirk • July 16, 2018

Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.

Breach Response

Analysis: California's Groundbreaking Privacy Law

Nick Holland • July 13, 2018

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.

Data Breach

RiskIQ: Ticketmaster Hackers Compromised Widely Used Tools

Jeremy Kirk • July 12, 2018

Magecart, the criminal group behind the recent data breach at certain Ticketmaster websites, may have also hit the company's sites in Australia, New Zealand, Turkey and Hungary, according to RiskIQ, which says the group's digital payment card skimmers may also affect as many as 800 other e-commerce sites.

Blockchain Applications

Cryptocurrency Exchange Developer Bancor Loses $23.5 Million

Jeremy Kirk • July 11, 2018

Attackers have stolen $23.5 million in cryptocurrency from Bancor, which is developing a decentralized exchange. The cause of the hack may have been a failure by Bancor to protect authentication keys that allowed for changes in its token smart contracts.

Application Security

Implementing a 'Zero Trust' Approach to Security

Tom Field • July 11, 2018

Every application should be protected the same way no matter where it resides, rather than focusing on a "perimeter" approach, says Doug Copley of Duo Security, who describes a "zero trust" approach.

Breach Response

Timehop: Lack of Multifactor Login Controls Led to Breach

Jeremy Kirk • July 10, 2018

Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.

Fraud Management & Cybercrime

The Battle for Data Integrity

Tom Field • July 10, 2018

Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered? What could be the damage? Diana Kelley of Microsoft discusses the emerging topic of data integrity and how to preserve it.

Compliance

HealthEngine Offered $25 Gift Vouchers for Dental Invoices

Jeremy Kirk • July 9, 2018

Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.

Governance

Bringing Vendor Risk Management to the Midmarket

Nick Holland • July 9, 2018

A new initiative by the Cyber Readiness Institute aims to promote best cybersecurity and vendor risk management practices to smaller enterprises. RiskRecon founder and CEO Kelly White offers his perspective on converting standards to practices.

Cybercrime

Why You Can Take Fraud Advice From This Ex-Con

Tom Field • July 6, 2018

It's a fair question: Can you trust the fraud advice you're given from a former fraudster? Especially one who's betrayed law enforcement before? Brett Johnson says he's abandoned crime for good, and he shares insight on the types of fraud schemes he once practiced.

Artificial Intelligence & Machine Learning

New Account Fraud's 'Perfect Storm'

Tom Field • July 6, 2018

Aite's Julie Conroy calls it a "perfect storm." In the post-EMV U.S., and in the wake of massive data breaches and the move to mobility, financial institutions are besieged by a new flood of new account fraud. How can data analytics help them improve fraud prevention?

Breach Response

UK to Establish Court for Cybercrime in London

Jeremy Kirk • July 6, 2018

The U.K. has approved a plan to build a cutting-edge court complex in London designed to handle cybercrime, fraud and economic crime. The facility is expected to be a growth driver for the country's legal industry, despite the U.K.'s pending withdrawal from the European Union.