Gord Jamieson of Visa

Battling Payment Card Fraud in the COVID-19 Era

Prajeet Nair • September 24, 2020

The shift to online shopping - and card-not-present transactions - during the COVID-19 pandemic has driven fraudsters to shift their strategies, including ramping up efforts to open fraudulent accounts, says Gord Jamieson of Visa, who offers advice on mitigating the risks.

►

Cloud Security

DOJ Says Russian Went Beyond Election Disinformation

Latest

Forensics

Warning: Attackers Exploiting Windows Server Vulnerability

Akshaya Asokan • September 25, 2020

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Cybercrime

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Mathew J. Schwartz • September 25, 2020

With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.

Governance & Risk Management

NIST Unveils Updated Guide to Privacy, Security Controls

Akshaya Asokan • September 24, 2020

The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.

Cloud Access Security Brokers (CASB)

Drop Everything and Secure Remote Workforce, Gartner Warns

Mathew J. Schwartz • September 24, 2020

Revisiting remote workforce security defenses, simplifying cloud access controls and pursuing risk-based vulnerability management and passwordless authentication are among the 10 security projects that all organizations should consider for this year and next, according to advisory firm Gartner.

Cybercrime

Ransomware Danger: Russian-Speaking Gang Targets Russians

Mathew J. Schwartz • September 23, 2020

Russian criminals operating online who want to stay out of jail need only to follow a few simple rules, the primary one being: Never target Russians. So it's surprising that security researchers have uncovered a new ransomware-wielding gang of Russian speakers that includes Russian victims on its hit list.

COVID-19

Cybercrime Review: Hackers Cash in on COVID-19

Mathew J. Schwartz • September 22, 2020

Reviewing online attack trends for the first half of the year, numerous cybersecurity firms agree: COVID-19 was king. As the pandemic has reshaped how many live and work, so too has it driven attackers to attempt to exploit work-at-home challenges and virus fears.

Business Continuity Management / Disaster Recovery

Cybersecurity Leadership: Risk Exposure Awareness

Tom Field • September 22, 2020

It might be new, but are we ready to call this "normal?" In this latest in a series of CEO/CISO panels, cybersecurity leaders talk frankly about the new risk surface and the role emerging technologies play in helping us keep pace with our adversaries.

Cloud Security

As TikTok Negotiations Continue, US App Ban Gets Delayed

Prajeet Nair • September 21, 2020

TikTok and WeChat both received reprieves over the weekend that helped avert U.S. blocks of their social media apps. President Donald Trump says he has given his "blessing" to a deal that would see Oracle and Walmart take a stake in TikTok's U.S. operations. Separately, a federal judge suspended a WeChat ban.

Cryptocurrency Fraud

Why Darknet Markets Persist

Mathew J. Schwartz • September 18, 2020

Empire is the latest darknet market to "exit scam," meaning administrators ran away with users' cryptocurrency, leaving the market to fail. Given the ongoing risk of exit scams, as well as police often targeting such markets, why do they persist?

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney • September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Blockchain & Cryptocurrency

DOJ: 2 Russians Defrauded Cryptocurrency Exchanges

Prajeet Nair • September 17, 2020

Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.

Cybercrime

5 Chinese Suspects Charged in Connection With 100 Breaches

Doug Olenick • September 16, 2020

Federal prosecutors have unsealed indictments charging five Chinese suspects - alleged members of the China-linked APT41 hacking group - with breaching more than 100 companies, government agencies and other organizations around the world.