Investigators Probe Attacks on At Least 3 Bangladesh Banks

Suparna Goswami • June 26, 2019

Authorities in Bangladesh are investigating hacker attacks against at least three banks in that nation last month. Dutch Bangla Bank Ltd. lost as much as $1.4 million in an attack, which apparently involved planting malware in an ATM switch, according to news reports.

Cyberwarfare / Nation-state attacks

A CISO Offers Third-Party Risk Management Tips

Latest

Blockchain & Cryptocurrency

Police Arrest 6 in $28 Million Cryptocurrency Fraud Probe

Mathew J. Schwartz • June 26, 2019

Six suspects have been arrested as part of a 14-month international police probe into the theft of at least $28 million worth of bitcoin cryptocurrency from more than 4,000 victims in at least 12 countries. Investigators say attackers appear to have "typosquatted" legitimate bitcoin exchange sites.

Governance

Cloudflare Criticizes Verizon Over Internet Outage

Jeremy Kirk • June 26, 2019

Cloudflare was unsparing in its criticism of Verizon over a BGP snafu that hampered 15 percent of its global traffic, as well as traffic of Amazon and Google. Verizon's error underscores that much heavy lifting remains to make critical internet infrastructure secure.

General Data Protection Regulation (GDPR)

GDPR: Where Do We Go From Here?

Mathew J. Schwartz • June 25, 2019

Even though the EU's General Data Protection Regulation has been in effect for more than a year, it's no privacy panacea, says (TL)2 Security founder Thom Langford. While GDPR has reframed the global privacy discussion, room for improvement remains, he explains in this interview.

Application Security

Reinventing Application Security

Nick Holland • June 25, 2019

Bob Egner of Outpost24 discusses the challenges involved in improving application security and whether DevSecOps is a "silver bullet."

Governance

Risk and Resilience: Finding the Right Balance

Mathew J. Schwartz • June 25, 2019

Finding the right balance between risk and resilience is a challenge for every cybersecurity project - especially in the aerospace, space and defense sectors - and that's why such efforts must be driven by CISOs and CIOs, says Leonardo's Nik Beecher.

Cyberwarfare / Nation-state attacks

DHS: Conflict With Iran Could Spur 'Wiper' Attacks

Jeremy Kirk • June 24, 2019

Iran is increasing its malicious cyber activity against the U.S, which could manifest in attacks that render computers unusable, a top U.S. cybersecurity official says. The warning comes after the U.S. reportedly targeted Iranian computer systems in response to the downing of a surveillance drone.

Cybercrime

Alleged AlphaBay Moderator Faces Racketeering Charge

Scott Ferguson • June 24, 2019

An alleged moderator of the AlphaBay underground marketplace has been indicted for facilitating sales on the darknet site before law enforcement shut it down.

3rd Party Risk Management

Developing a Robust Third-Party Risk Management Program

Suparna Goswami • June 24, 2019

Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights.

Cybercrime

Hacked With Words: Email Attack Sophistication Surges

Mathew J. Schwartz • June 21, 2019

The early days of email attacks - so much noise in the form of malware, spam and links - have given way to attacks that often rely on little more than words, and email gateways often struggle to arrest social engineering ploys, says Michael Flouton of Barracuda Networks.

Fraud Management & Cybercrime

Life Beyond Blocking: Adopting Behavior-Based Cybersecurity

Mathew J. Schwartz • June 21, 2019

Many cybersecurity tools are designed to block or allow specific activities based on prescribed rules, but with insider breaches continuing, enterprise protection also requires real-time reaction to actual user behavior, says Carl Leonard of Forcepoint.

Privileged Access Management

Privileged Attack Vectors: Key Defenses

Mathew J. Schwartz • June 21, 2019

Attackers crave insider-level access to IT infrastructure and regularly target insiders - and especially administrators- to steal their credentials, says BeyondTrust's Karl Lankford, who advises organizations to ensure they manage, monitor and audit all privileged access.

Identity & Access Management

Mitigating Insider Threats With IAM

Nick Holland • June 21, 2019

Provisioning and deprovisioning employee credentials is a critical component of mitigating insider threats, says Andrew Clarke of One Identity, who discusses the importance of identity and access management.