Singapore's 'Fake News' Law Enforcement Draws Criticism

Suparna Goswami • December 5, 2019

Singapore's recent order requiring Facebook to label a blog critical of the ruling government as "false" has drawn harsh criticism. And the action calls into question how the country's new Protection from Online Falsehoods and Manipulation Act might be used to suppress free speech.

Endpoint Security

Hackers Steal $49 Million in Ethereum From Upbit Exchange

Latest

Cybercrime

Skimming Campaign Leveraged Heroku Cloud Platform: Report

Akshaya Asokan • December 5, 2019

Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.

Governance

GOP Federal Privacy Bill Would Supersede CCPA

Suparna Goswami • December 5, 2019

After several moves by Democrats to introduce federal privacy legislation, Republican Senator Roger Wicker on Tuesday unveiled a draft consumer privacy bill, the United States Consumer Data Privacy Act of 2019, that would override various state laws on privacy, including the California Consumer Privacy Act.

Endpoint Security

FBI Warns of Smart TV Dangers

Jeremy Kirk • December 4, 2019

The FBI has a new suspect in its sights, and there's one in nearly every home: smart TVs. It warns consumers to be wary because the devices can pose privacy and security threats - an unsecured smart TV could be the avenue hackers use to gain access to a home network.

Cybercrime

New Malware Campaign Uses Trojanized 'Tetris' Game: Report

Akshaya Asokan • December 3, 2019

A new malware campaign uses a Trojanized version of the game Tetris to target healthcare and educational institutions for credential stealing, according to Blackberry Cylance. Analysts have observed evidence of the threat actors attempting to deliver ransomware with the 'PyXie' Trojan.

3rd Party Risk Management

Analysis: Vendor Contract Changes Under CCPA

Suparna Goswami • December 3, 2019

Getting the proper vendor contracts completed is a top concern for organizations preparing to comply with the California Consumer Privacy Act, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.

Application Security

Mixcloud Breach Affects 21 Million Accounts

Jeremy Kirk • December 2, 2019

Digital streaming platform Mixcloud says it's the victim of a data breach after an attacker shared personal data for registered users with several media outlets, including Vice and ZDNet. The data on 21 million users is for sale in an underground market.

Anti-Phishing, DMARC

Google: Government-Backed Hackers Targeted 12,000 Users

Akshaya Asokan • November 29, 2019

Google has directly warned more than 12,000 users across 149 countries that they have been targeted by government-backed hackers. Google says the attack attempts occurred in the third quarter of this year and targeted users of such services as Gmail, Drive and YouTube.

3rd Party Risk Management

Security Firm Prosegur Hit By Ryuk Ransomware

Jeremy Kirk • November 29, 2019

Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms. Prosegur isn't revealing much detail but says it is in the process of restoring services.

Encryption & Key Management

The Threat of Ransomware and Doxing

Nick Holland • November 29, 2019

The latest edition of the ISMG Security Report discusses new combination ransomware and doxing attacks. Plus, Twitter drops phone numbers in 2FA, and why we need to consider quantum cryptography today.

Account Takeover

Facebook Breach Victims Can Sue For 'Reasonable' Security

Mathew J. Schwartz • November 28, 2019

Victims of a massive 2018 Facebook data breach can continue a class-action lawsuit to try and force the social network to maintain "reasonable" information security practices, a federal judge has ruled. But he dismissed the plaintiff's attempt to receive monetary compensation for the breach.

Account Takeover

Magento Marketplace Suffers Data Breach, Adobe Warns

Jeremy Kirk • November 28, 2019

Adobe says its e-commerce Magento Marketplace has been breached, exposing usernames, email addresses and more. The software giant has yet to detail how many users were affected or the breach duration. Unfortunately, the stolen data could be used to fuel phishing attacks.

Events

A CISO, a CIO and a CTO Discuss Cybersecurity Strategies

Geetha Nandikotkur • November 27, 2019

The cross-functional groups across enterprises need to be held equally accountable for cybersecurity, viewing security is a business enabler. That was the consensus of a CISO, CTO and a CIO who participated in a panel discussion at ISMG's recent Cybersecurity Summit in Mumbai.