It's déjà vu "FBI vs. Apple" all over again, as Reuters reports that the Justice Department is seeking to compel Facebook to build a backdoor into its Messenger app to help the FBI monitor an MS-13 suspect's voice communications.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
Data science is playing a fundamental role in a more dynamic approach to cybersecurity, says Jim Routh, CISO of Aetna, who stresses the importance of applying machine learning to front-line data security controls. Routh will be a featured speaker at the ISMG Security Summit in New York Aug. 14-15.
To better counter threats carried by content - email, attachments, files - Deep Secure's Simon Wiseman says organizations should investigate content threat removal, which involves extracting required data from content and discarding the rest.
European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME. Security experts recommend all PGP users immediately delete or disable their PGP tools, pending a full fix.
The White House, fearing China is spying on phone calls, has suggested that the U.S. government take a primary role in marshaling the development of secure 5G networks. But would nationalizing 5G networks make them more secure?
An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.
Email, which is too easily spoofed, phished or taken over, remains a leading cybersecurity risk. But finally, after years of pushing, the Domain-based Message Authentication, Reporting and Conformance standard, or DMARC is helping to bolster email security, says Phil Reitinger, CEO of the Global Cyber Alliance.
Former Trump campaign aide George Papadopoulos learned that Russia had thousands of pilfered emails containing "dirt" on Hillary Clinton three months before they appeared online, according to court documents.
An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.
Two Russian hackers, members of a group called "Shaltay-Boltai" - Humpty Dumpty in Russian - that stole and sold high-level Russian officials' emails, have been sentenced to serve three years in prison. The case against them may tie to a high-profile Russian treason investigation.
In the wake of the surge in business email compromise incidents, many organizations have implemented new anti-phishing controls. But the attackers are countering the counter-measures, says Agari's Wes Dobry. What is the best response?
Opportunistic attackers may have breached some Parliament email accounts by brute-force guessing their way into accounts with weak passwords. But such a breach is hardly the "cyberattack" some are making it out to be.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.