Latest

Business Email Compromise (BEC)

FBI Arrests Nigerian Suspect in $11 Million BEC Scheme

Scott Ferguson  •  August 19, 2019

The FBI has arrested a Nigerian businessman for allegedly carrying out an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar.

Breach Notification

Texas Pummeled by Coordinated Ransomware Attack

Mathew J. Schwartz  •  August 19, 2019

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning. Security experts say attackers continue to pummel local governments, and illicit profits have been rising.

►

3rd Party Risk Management

Using AI to Proactively Address Third-Party Risk

Varun Haran  •  August 19, 2019

Third-party risk assessments need to be ongoing, and artificial intelligence can play an important role, says Microsoft's Abbas Kudrati.

►

DevSecOps

The State of API Security

Varun Haran  •  August 19, 2019

The lifecycle of security needs to match the lifecycle of APIs, which get replaced very frequently, says Jacques Declas of 42Crunch.

►

Governance

Effectively Addressing Policy Change Management

Varun Haran  •  August 19, 2019

Organizations need to move away from manual processes and take an automated approach to policy change management, says Baruch Thee of Tufin.

Fraud Management & Cybercrime

Analysis: The Growth of Mobile Fraud

Nick Holland  •  August 19, 2019

Why is fraud that originates on mobile devices growing at such a rapid rate? Brooke Snelling and Melissa Gaddis of iovation offer an analysis in this joint interview.

Cybercrime

European Central Bank Closes a Website Following Hack

Scott Ferguson  •  August 16, 2019

The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.

Business Email Compromise (BEC)

Phishing Scheme Uses Google Drive to Avoid Security: Report

Akshaya Asokan  •  August 16, 2019

A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.

Account Takeover

The Renaissance of Deception Technology

Nick Holland  •  August 16, 2019

This edition of the ISMG Security Report discusses the latest improvements in deception technology and how best to apply it. Also featured: a report on the growth of mobile fraud, plus insights on Merck's experience recovering from a NotPetya attack.

Cybercrime

Prosecutors Allege Capital One Suspect Stole From Many Others

Scott Ferguson  •  August 15, 2019

Paige A. Thompson, who's been arrested on a charge of hacking into Capital One's network and taking the personal and financial data of 106 million individuals, is also suspected of stealing information from over 30 other organizations, according to new court documents.

Active Defense & Deception

Making the Most of an Investment in Deception Technology

Jeremy Kirk  •  August 15, 2019

Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.

Biometrics

Biometric Security Vendor Exposes Fingerprints, Face Data

Jeremy Kirk  •  August 15, 2019

A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say. They found 23GB of data belonging to organizations that use Suprema's BioStar 2 system.