Why CISOs Are Gaining Power

Geetha Nandikotkur • September 22, 2020

CISOs are gaining additional discretionary powers to make risk-based decisions, especially as organizations implement the ISO 27035-3 incident response standard, says Khawaja Mohammad Ali, CISO of a large federal bank in Pakistan.

COVID-19

Fighting Payment Fraud: Going Beyond Protecting Card Data

Latest

Account Takeover Fraud

Police Crack SMS Phishing Operation

Jeremy Kirk • September 24, 2020

Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages.

Card Not Present Fraud

Battling Payment Card Fraud in the COVID-19 Era

Prajeet Nair • September 24, 2020

The shift to online shopping - and card-not-present transactions - during the COVID-19 pandemic has driven fraudsters to shift their strategies, including ramping up efforts to open fraudulent accounts, says Gord Jamieson of Visa, who offers advice on mitigating the risks.

COVID-19

COVID-19 Update: 'Live Like You're Contagious'

Tom Field • September 23, 2020

With colder weather, the flu season and the holidays ahead, the northern hemisphere is at risk of another major COVID-19 outbreak. Pandemic expert Regina Phelps says it's time to change behavior, and that starts here: "Live like you're contagious."

Cybercrime

Attacks Using Lokibot Information Stealer Surge

Akshaya Asokan • September 23, 2020

The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials. Fraudsters are using new methods to spread the malware.

Anti-Phishing, DMARC

Ransomware Danger: Russian-Speaking Gang Targets Russians

Mathew J. Schwartz • September 23, 2020

Russian criminals operating online who want to stay out of jail need only to follow a few simple rules, the primary one being: Never target Russians. So it's surprising that security researchers have uncovered a new ransomware-wielding gang of Russian speakers that includes Russian victims on its hit list.

Business Continuity Management / Disaster Recovery

Cybersecurity Leadership: Risk Exposure Awareness

Tom Field • September 22, 2020

It might be new, but are we ready to call this "normal?" In this latest in a series of CEO/CISO panels, cybersecurity leaders talk frankly about the new risk surface and the role emerging technologies play in helping us keep pace with our adversaries.

Cloud Security

As TikTok Negotiations Continue, US App Ban Gets Delayed

Prajeet Nair • September 21, 2020

TikTok and WeChat both received reprieves over the weekend that helped avert U.S. blocks of their social media apps. President Donald Trump says he has given his "blessing" to a deal that would see Oracle and Walmart take a stake in TikTok's U.S. operations. Separately, a federal judge suspended a WeChat ban.

Fraud Management & Cybercrime

The Do's and Don'ts of a Fraud Fusion Center

Suparna Goswami • September 21, 2020

The key element for a successful fraud fusion center in banking is for fraud and security teams to work together using a simple methodology to prevent, detect and resolve fraud, says technology adviser Ben Wallach, the former executive vice president and chief fraud director at BB&T, a U.S. bank holding company.

Account Takeover Fraud

Attacks Using Cerberus Banking Trojan Surge

Chinmay Rautmare • September 18, 2020

The posting on Russian underground forums of source code for the Android mobile banking Trojan Cerberus has led to an increase in attacks as well as updates to the malware, the security firm Kaspersky reports.

Blockchain & Cryptocurrency

Researchers Find Mozi Botnet Continues to Grow

Prajeet Nair • September 18, 2020

Mozi, a relatively new peer-to-peer botnet, is now dominating global IoT network traffic, according to a new report from IBM's X-Force unit. The malware is being used to launch DDoS attacks as well as mine for cryptocurrency.

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney • September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Cyberwarfare / Nation-State Attacks

US Imposes Sanctions on Iranian APT Group

Doug Olenick • September 17, 2020

The U.S. Treasury Department on Thursday imposed sanctions on an Iranian advanced persistent threat group, 45 associated individuals and a front company the Iranian government allegedly used to run a years-long malware campaign that targeted Iranian dissidents, journalists and others.