Latest

Alleged Fraud at Billing Firm Spotlights Insider Risks

Marianne Kolbasuk McGee  •  November 24, 2020

Federal prosecutors have announced the indictment of an employee of a Florida medical billing company in a case involving alleged identity theft and Medicaid fraud.

Cloud Security

AWS Flaw Allows Attackers to Find Users' Access Codes

Chinmay Rautmare  •  November 20, 2020

A recently uncovered vulnerability in a class of Amazon Web Service APIs can be exploited to leak AWS identity and access management user and arbitrary accounts, according to Palo Alto Networks' Unit 42.

Business Continuity Management / Disaster Recovery

Christopher Krebs Describes Accomplishments

Anna Delaney  •  November 20, 2020

This edition of the ISMG Security Report features a discussion with Christopher Krebs, the recently fired director of the Cybersecurity Infrastructure Security Agency, on his accomplishments at the agency. Also featured are updates on ransomware gangs recruiting affiliates and healthcare supply chain risks.

Artificial Intelligence & Machine Learning

The Dark Side of AI: Previewing Criminal Uses

Mathew J. Schwartz  •  November 20, 2020

"Has anyone witnessed any examples of criminals abusing artificial intelligence?" That's a question security firms have been raising. A new report has identified likely ways in which such attacks might occur and offers examples of threats already emerging

Fraud Management & Cybercrime

Twitter Hires Famed Hacker 'Mudge' as Security Head

Scott Ferguson  •  November 17, 2020

Twitter has hired network security expert Peiter Zatko to serve in the newly created position of head of security following a series of high-profile cyber incidents. Zatko, known as "Mudge," gained fame as a member of the ethical hacking group "Cult of the Dead Cow" and worked for the government and Google.

Card Not Present Fraud

'ModPipe' POS Malware Attacking Hospitality Industry

Scott Ferguson  •  November 14, 2020

A recently uncovered point-of-sale malware called "ModPipe" is targeting Oracle software used by thousands of restaurants and other businesses in the hospitality industry, according to researchers at ESET. This backdoor can then steal sensitive data, such as cardholder names.

►

Big Data Security Analytics

Mitigating the Risk of Authorized Push Payment Fraud

Suparna Goswami  •  November 11, 2020

Authorized push payment fraud is expected to continue to surge in 2021. PJ Rohall, co-founder of the website About-Fraud, says behavioral analytics can play an important role in mitigating the risk.

►

Account Takeover Fraud

Cybersecurity Leadership: A Fresh Look at Fraud

Tom Field  •  November 6, 2020

COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.

Application Security

India Regulator Allows For Expanded WhatsApp Payments

Chinmay Rautmare  •  November 6, 2020

India's payments-processor regulatory body has given the final go-ahead to roll out WhatsApp's processing payment services to 20 million users across the country, the agency and parent company Facebook announced. The approval comes after the social media giant applied for permission in 2018.

Application Security

Apple Fixes iOS Zero Day Flaws Found by Google

Jeremy Kirk  •  November 6, 2020

Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.

COVID-19

Analysis: Are Marriott and BA's GDPR Fines Big Enough?

Anna Delaney  •  November 6, 2020

The latest edition of the ISMG Security Report features an analysis of the EU General Data Protection Regulation fines that have finally been imposed on Marriott and BA over serious data breaches each suffered. Also featured: Regional digital fraud trends, and a look at the CISO role and its responsibilities.

Cryptocurrency Fraud

DOJ Seizes $1 Billion Worth of Bitcoin Linked to Silk Road

Scott Ferguson  •  November 5, 2020

The U.S. Justice Department is looking to seize more than $1 billion worth of bitcoin that investigators have linked to the notorious Silk Road darknet marketplace. The cryptocurrency was stored within a mysterious digital wallet that had been dormant for years, but the subject of much speculation.