Latest

Card Not Present Fraud

Ukrainian Cops Bust Phishing Group That Stole $4.3 Million

Mihir Bagwe  •  March 31, 2023

The Ukrainian law enforcement busted a transnational group of scammers that used more than a hundred phishing websites to defraud Europeans. Scammers embezzled nearly $4.4 million by fooling more than a thousand victims to hand over payment card details, say police.

Fraud Management & Cybercrime

Breach Roundup: Lumen, QNAP, NCB and Toyota Italy

Mihir Bagwe  •  March 30, 2023

In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.

Fraud Management & Cybercrime

Nigerian Sentenced to 4 Years for Scamming US Citizens

Mihir Bagwe  •  March 28, 2023

A U.S. federal judge sentenced a Nigerian national to four years in prison for running several cyber-enabled schemes aimed at defrauding U.S. citizens out of more than $1 million. The men were arrested four years ago and extradited to Arizona in 2022 from Malaysia and the United Kingdom.

►

Training & Security Leadership

'Stronger Together' - Preview of RSA Conference 2023

Tom Field  •  March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

►

Video

Essential Steps to Building a Robust API Security Program

Anna Delaney  •  March 28, 2023

Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."

Artificial Intelligence & Machine Learning

ChatGPT Exposed Payment Card Data of Subscribers

Prajeet Nair  •  March 26, 2023

A now-patched bug that caused OpenAI to take down the ChatGPT chatbot for nine hours on Monday also revealed the last four digits of payment cards, the company disclosed Friday. One user said he saw the history of another account including the topics "phobia of rats" and "sexist music video clips."

Incident & Breach Response

Corelight Pursues IR Partnerships, Smaller Enterprise Deals

Michael Novinson  •  March 24, 2023

Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.

►

Cyberwarfare / Nation-State Attacks

ISMG Editors: What's Next in Russia's Cyber War?

Anna Delaney  •  March 24, 2023

In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.

Breach Notification

Breach Roundup: Ferrari, Indian Health Ministry and the NBA

Mihir Bagwe  •  March 23, 2023

This week's roundup of cybersecurity incidents around the world includes attacks on luxury car manufacturer Ferrari, the Indian health system and a Dutch maritime logistics company. Other data breach incidents involve the NBA, Lionsgate, the city of Oakland, McDonald's and Samsung.

Fraud Management & Cybercrime

TikTok CEO Aims to Assure Lawmakers Americans' Data Is Safe

Mathew J. Schwartz  •  March 23, 2023

TikTok CEO Shou Chew appeared Thursday before the U.S. congressional panel to defend his company against accusations that it's imperiling Americans' national security, privacy and mental health. Lawmakers pressed Chew on the company's Chinese ownership, source code and privacy practices.

Cryptocurrency Fraud

Russians Can Use Crypto to Evade Sanctions, Researchers Warn

Mathew J. Schwartz  •  March 23, 2023

Dark web merchants have been offering Russians - consumers and criminals alike - services for bypassing international sanctions that may indirectly involve U.S. financial institutions, demonstrating the need for more robust "know your customer" and anti-money laundering checks, researchers warn.

Cloud Security

US FTC Seeks Information on Cloud Provider Cybersecurity

David Perera  •  March 22, 2023

The U.S. Federal Trade Commission is asking for public comment on cloud computing provider business and security practices. The top three providers - AWS, Microsoft Azure and Google Cloud - account for approximately two-thirds of worldwide cloud spending, which reached nearly $250 billion in 2022.