Zero Trust, Cloud Adoption Drive Demand for Authorization

Suparna Goswami • May 12, 2022

With zero trust and cloud infrastructures at the top of security practitioners' road maps, there has been an uptick in authorization-related initiatives. Security experts discuss the challenges of authorization and describe how firms can use authorization strategies to better protect themselves.

Blockchain & Cryptocurrency

Card-Not-Present Fraud and Scams: What Concerns Banks?

Latest

Blockchain & Cryptocurrency

Proof of Concept: How Can We Improve Industry Collaboration?

Anna Delaney • May 23, 2022

In this edition, Ari Redbord and Grant Schneider join ISMG editors to discuss the challenges ahead for the U.S. government as it plans to roll out EDR deployments at more than half of federal agencies this year, how stable the stablecoin economy really is and how to improve industry collaboration.

Anti-Money Laundering (AML)

What Is Behind the Increase in Crypto Fraud?

Suparna Goswami • May 20, 2022

There has been a rise in crypto fraud, and a substantial portion of it can be attributed to stimulus funding and paycheck protection programs, says David Britton, vice president of strategy, global ID and fraud at Experian. He discusses new authentication methods and stricter regulations.

Business Continuity Management / Disaster Recovery

Conti Ransomware Group Retires Name After Creating Spinoffs

Mathew J. Schwartz • May 20, 2022

The Russian-language criminal syndicate behind the notorious Conti ransomware has retired that brand name, after having already launched multiple spinoffs to make future operations more difficult to track or disrupt, threat intelligence firm Advanced Intelligence reports.

Access Management

Five Eyes Alliance Advises on Top 10 Initial Attack Vectors

Mihir Bagwe • May 18, 2022

Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.

Blockchain & Cryptocurrency

Cryptocurrency-Stealing 'Cryware' Malware Attacks Surge

Mathew J. Schwartz • May 18, 2022

Criminals are doubling down on their use of information-stealing malware, such as Cryptobot, RedLine Stealer and QuilClipper, to steal private keys and siphon off cryptocurrency being stored in internet-connected hot wallets or to raid cryptocurrency holders' online exchange accounts.

Cybercrime

Feds Say 'Multi-Tasking Doctor' Built Thanos Ransomware

Mathew J. Schwartz • May 17, 2022

U.S. authorities have charged a cardiologist based in Venezuela with developing and selling multiple strains of ransomware, including Jigsaw and Thanos, as well as recruiting affiliates to use the crypto-locking malware against victims in return for a cut of any ransoms paid.

Access Management

Proof of Concept: Apple/Microsoft/Google Back Passwordless

Anna Delaney • May 16, 2022

In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.

Blockchain & Cryptocurrency

Cause for Concern? Ransomware Strains Trace to North Korea

Mathew J. Schwartz • May 16, 2022

If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime? That question is posed by new research that finds state-sponsored North Korean hackers haven't stopped their ransomware experiments.

Blockchain & Cryptocurrency

ISMG Editors: What Have We Learned From the Conti Leaks?

Anna Delaney • May 13, 2022

In the latest update, four editors at Information Security Media Group discuss the intriguing insights exposed by the leak of ransomware gang Conti's internal communications, the U.S. Treasury's first-ever sanctions on a cryptocurrency mixer and the latest cyber activity in Russia's hybrid war.

Blockchain & Cryptocurrency

UK Proposes Regulations to Curb Illicit Use of Crypto

Rashmi Ramesh • May 11, 2022

The United Kingdom has announced two proposed pieces of legislation - the Financial Services and Markets Bill and the Economic Crime and Corporate Transparency Bill - to regulate the digital assets industry and curb the use of virtual currency in illicit activity.

Access Management

Apple, Google, Microsoft Unite to Make Passwordless Easier

Michael Novinson • May 7, 2022

Apple, Google and Microsoft are joining forces to back a standard that will allow websites and apps to offers passwordless sign-ins across devices and platforms. The three OS and browsing giants have put their weight behind a common passwordless sign-in standard created by the FIDO Alliance.

Blockchain & Cryptocurrency

First US Sanction of a Virtual Currency Mixer: Blender.io

Rashmi Ramesh • May 7, 2022

Virtual currency mixer Blender.io has been sanctioned by the U.S. for enabling North Korea to conduct "malicious cyber activities and money laundering of stolen virtual currency," the U.S. Treasury Department’s Office of Foreign Assets Control says in its first sanctioning of a currency mixer.