Latest

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk  •  April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Endpoint Security

State of the Marketplace: A Conversation With Dave DeWalt

Tom Field  •  April 14, 2021

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

►

Anti-Money Laundering (AML)

The Role of Predictive KYC in Fighting Money Laundering

Suparna Goswami  •  April 9, 2021

How can automation help to reduce money laundering fraud? Larry Gordon and Kathleen Gowin of the consultancy Endurance Advisory Partners describe how predictive KYC can help mitigate risks.

Cybercrime

Crisis Communications: How to Handle Breach Response

Anna Delaney  •  April 9, 2021

The latest edition of the ISMG Security Report features an analysis of why transparent communication in the aftermath of a data breach pays off. Also featured: Mastercard on digital identity issues; building a more diverse and inclusive cybersecurity workforce.

Identity & Access Management

Death to 'Fluffy': Please Stop With the Pet Name Passwords

Mathew J. Schwartz  •  April 9, 2021

Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password. And the problem is global.

Cryptocurrency Fraud

600,000 Payment Cards Stolen From Swarmshop Darknet Market

Doug Olenick  •  April 8, 2021

For the second time in two years, the contents of the darknet payment card marketplace Swarmshop have been removed and posted to a competing underground forum, Group-IB reports. The content includes data on more than 600,000 payment cards as well as administrator, seller and buyer information.

Fraud Management & Cybercrime

Attackers Target Unpatched SAP Applications

Akshaya Asokan  •  April 7, 2021

Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.

Breach Notification

Capital One Warns of More Data Leaked in 2019 Breach

Prajeet Nair  •  April 5, 2021

Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.

►

Fraud Management & Cybercrime

Synthetic Identity Fraud: How to Define and Detect

Nick Holland  •  April 2, 2021

Synthetic identity fraud is a pervasive yet ill-defined crime – hard to define as well as to detect. Greg Woolf of FiVerity discusses a recent initiative by the Federal Reserve in Boston to better define and therefore better manage SIF.

Breach Notification

Analysis: Fat Face's Awkward Breach Notification

Anna Delaney  •  April 2, 2021

The latest edition of the ISMG Security Report features an analysis of retailer Fat Face’s awkward "strictly private and confidential" data breach notification. Also featured: Discussions on the ethics of buying leaked data and the rise of central bank digital currencies.

3rd Party Risk Management

Accellion Holdouts Get Legacy File-Transfer Appliance Blues

Mathew J. Schwartz  •  March 30, 2021

The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.

3rd Party Risk Management

Attacker Updates PHP Source Code to Include Backdoor

Mathew J. Schwartz  •  March 29, 2021

An attacker added a backdoor to the source code for PHP, an open-source, server-side scripting language used by more than 75% of the world's websites. Core PHP project members say the backdoor was quickly removed.