Payment Card Skimming Hits 2,000 E-Commerce Sites

Prajeet Nair • September 15, 2020

From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe's Magento software, possibly resulting in the theft of payment card data, according to Sanguine Security.

Breach Notification

Tracking the Targets of 'Cybersquatting' Attacks

Latest

Application Security

US Banning TikTok, WeChat Downloads

Doug Olenick • September 18, 2020

The U.S. Commerce Department is banning the downloading and hosting of China-based social media apps TikTok and WeChat effective on Sunday, citing national security concerns. The announcement comes as Oracle continues to negotiate a deal for partnering on TikTok's U.S. operations.

Cryptocurrency Fraud

Why Darknet Markets Persist

Mathew J. Schwartz • September 18, 2020

Empire is the latest darknet market to "exit scam," meaning administrators ran away with users' cryptocurrency, leaving the market to fail. Given the ongoing risk of exit scams, as well as police often targeting such markets, why do they persist?

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney • September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Blockchain & Cryptocurrency

DOJ: 2 Russians Defrauded Cryptocurrency Exchanges

Prajeet Nair • September 17, 2020

Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.

Cybercrime

5 Chinese Suspects Charged in Connection With 100 Breaches

Doug Olenick • September 16, 2020

Federal prosecutors have unsealed indictments charging five Chinese suspects - alleged members of the China-linked APT41 hacking group - with breaching more than 100 companies, government agencies and other organizations around the world.

Fraud Management & Cybercrime

Ransomware Gangs Find Fresh Ways to Make Victims Pay

Anna Delaney • September 11, 2020

The latest edition of the ISMG Security Report analyzes how criminals keep finding new ways to make ransomware victims pay. Also featured: Preventing digital currency counterfeits; a proposed health data privacy framework.

Anti-Money Laundering (AML)

Cybercriminals Prefer 'Old School' Money Laundering Methods

Akshaya Asokan • September 9, 2020

Cybercriminals still prefer to use "money mules" and drug trafficking to launder money tied to their bank hacking activities rather than cryptocurrency transactions, according to a report from SWIFT, which handles intra-bank financial transactions.

Cybercrime

'Salfram' Email Campaign Spreads Malware to Businesses

Akshaya Asokan • September 4, 2020

A recently uncovered malicious email campaign is delivering to businesses multiple types of malware, including a Trojan designed to steal banking credentials and other financial information, according to a research report from Cisco Talos.

Fraud Management & Cybercrime

The Need to Modernize Fraud-Fighting Methods

Suparna Goswami • September 4, 2020

Fraud prevention practices are not keeping up with changes in risks, says Al Pascual, COO at Breach Clarity, who offers insights on leveraging the latest tools.

Breach Notification

Equifax Breach: CISO Describes Lessons Learned

Anna Delaney • September 4, 2020

The latest edition of the ISMG Security Report features a discusssion with Equifax CISO, Jamil Farshchi, on the lessons learned from the credit reporting firm's massive data breach three years ago. Also featured: Australians' driver's licenses leaked; privileged access management tips.

Cybercrime

Evilnum Hackers Change Tactics for Targeting Fintech Firms

Akshaya Asokan • September 3, 2020

Evilnum, a hacking group that targets fintech firms mainly in the U.K. and Europe, is deploying a new remote access Trojan, according to Cybereason. The group is targeting "know your customer" procedures to start these attacks.

3rd Party Risk Management

Cybersecurity Leaders: Planning (and Budgeting) for 2021

Tom Field • September 1, 2020

A hybrid workforce, heightened insider risk, 5G concerns over the expanded attack surface - these are the "more" that people reference when they talk about "doing more with less" in 2021. A CEO/CISO panel discusses how security leaders prioritize budget allocations for these concerns.