Creating a Blueprint for Blockchain in Banking

Suparna Goswami • January 24, 2019

The Indian Institute for Development and Research in Banking Technology is reportedly working with the Indian government, banks and others to create an interoperable blockchain platform to improve security in the financial services sector. In a blueprint, it offers a roadmap for adoption of the technology.

Anti-Malware

The Move to Tokenization Spreads

Latest

Data Breach

France Hits Google with $57 Million GDPR Fine

Jeremy Kirk • January 22, 2019

France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation. The country's data regulator says Google doesn't inform users in a clear way how their data is being collected and processed for targeted advertising.

Cybercrime

Dharma Gang Pushes Phobos Crypto-Locking Ransomware

Mathew J. Schwartz • January 22, 2019

Fresh strains of ransomware are being distributed by attackers who gain remote access to organizations' networks to infect them with Phobos, as well as via cracked-software sites that share adware installers inside which STOP ransomware has been hidden.

Data Loss

Report: Federal Trade Commission Weighs Facebook Fine

Jeremy Kirk • January 21, 2019

The U.S. Federal Trade Commission is close to concluding its investigation into Facebook over the Cambridge Analytica scandal, the Washington Post reports, noting that the social network may face a record-setting fine, exceeding the $22.5 million fine the FTC in 2012 slammed on Google.

Breach Preparedness

Ransomware: A Pervasive, Evolving Threat

Nick Holland • January 18, 2019

Leading the latest edition of the ISMG Security Report is an in-depth look at why ransomware remains a pervasive threat and how it's evolving. Also featured: updates on venture capital investments in cybersecurity and a study of vulnerabilities in industrial remotes.

Cybersecurity

Venture Capital Pours Into Cybersecurity

Nick Holland • January 18, 2019

Venture capitalists invested $5.3 billion in cybersecurity companies in 2018, about 20 percent more than in 2017 and twice as much as 2016, according to research from Strategic Cyber Ventures. What's ahead for 2019 and beyond?

Application Security

Airline Booking System Exposed Passenger Details

Jeremy Kirk • January 17, 2019

Airline booking system provider Amadeus - whose system is used by 500 airlines - is investigating a software vulnerability that exposed passenger name records, which is the bundle of personal and travel data that gets collected when booking a flight.

Authentication

Data Breach Collection Contains 773 Million Unique Emails

Mathew J. Schwartz • January 17, 2019

Australian security expert Troy Hunt says an 87 GB compilation of username and password combinations - drawn from more than 2,000 databases - includes 773 million unique email addresses for apparent use in credential-stuffing attacks. Takeaway: Use a unique password for every site, or else.

Cybercrime

Insider Trading: SEC Describes $4.1 Million Hacking Scheme

Mathew J. Schwartz • January 16, 2019

The U.S. Securities and Exchange Commission has charged seven individuals and two organizations with being part of an international scheme that hacked the SEC's EDGAR document system, stole nonpublic corporate information and used it to illegally earn $4.1 million via insider trading.

Cybersecurity

Your Garage Opener Is More Secure Than Industrial Remotes

Jeremy Kirk • January 16, 2019

Radio controllers used in the construction, mining and shipping industries are vulnerable to hackers, Trend Micro says in a new report. To address the issue, researchers say, manufacturers need to move away from proprietary communication protocols and embrace secure standards, such as Bluetooth Low Energy.

Cybercrime

Ransomware Claims to Fund Child Cancer Treatments

Mathew J. Schwartz • January 15, 2019

Ransomware attacks continue, with the city of Del Rio, Texas, saying its operations have been disrupted by crypto-locking malware. Meanwhile, CryptoMix ransomware urges victims to pay ransoms, claiming it will fund treatments for seriously ill children, while GandCrab gets distributed via malvertising attacks.

Governance

Hard-Coded Credentials Found in ID, Access Control Software

Jeremy Kirk • January 15, 2019

Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.

Application Security

Why Software Bugs Are So Common

Suparna Goswami • January 15, 2019

The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.