RBI's 'Positive Pay' System: Essential Security Steps

Geetha Nandikotkur • October 23, 2020

In an effort to ramp up the fight against fraud, the Reserve Bank of India next year will launch a "Positive Pay" system of verifying information about checks with a value at $700 or more. Bank CISOs face the big task of securing the huge new flow of data.

Fraud Management & Cybercrime

Criminals Still Going Crazy for Cryptocurrency

Latest

Fraud Management & Cybercrime

Phishing Campaign Mimics Microsoft Teams Alerts

Chinmay Rautmare • October 23, 2020

Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials.

Forensics

LockBit Ransomware Uses Automation Tools to Pick Targets

Prajeet Nair • October 23, 2020

The operators behind the LockBit ransomware strain use automation tools and techniques that help the malware quickly spread through a compromised network and also assist in picking specific targets, according to Sophos.

Critical Infrastructure Security

Analysis: The Significance of Russian Hackers' Indictment

Anna Delaney • October 23, 2020

The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.

Breach Notification

Indian Pharmaceutical Company Investigates Security Incident

Prajeet Nair • October 22, 2020

Dr. Reddy's Laboratories, a multinational pharmaceutical company based in India that's testing a COVID-19 vaccine, says it isolated its data center services Thursday following what it calls a "detected cyberattack."

Cyberwarfare / Nation-State Attacks

Elite Russian Sandworm Hackers' Epic OPSEC Problem

Mathew J. Schwartz • October 22, 2020

An indictment unsealed this week demonstrates the degree to which Western intelligence agencies have apparently been able to infiltrate the Russian intelligence apparatus to trace attacks back to specific agencies - and individual operators. Shouldn't Russian spies have better operational security?

Cyberwarfare / Nation-State Attacks

Analysis: Can Russia's Cyber Destruction Appetite Be Curbed?

Mathew J. Schwartz • October 21, 2020

The U.S. indictment charging that six Russian GRU military intelligence officers were responsible for numerous cyberattacks highlights Moscow's seemingly unending appetite for online destruction. Experts say more than indictments will be required to curb such activity.

DevSecOps

Getting Visibility Into Open Source Components

Suparna Goswami • October 21, 2020

Many applications use open source components, which can make it challenging to pinpoint any security issues. How can organizations gain better visibility of risks?

Finance & Banking

Home Loan Trading Platform Exposes Mortgage Documentation

Jeremy Kirk • October 21, 2020

MAXEX, a company that develops a digital trading platform for the secondary mortgage market in the U.S., leaked 9 GB of internal documentation as well as full mortgage applications for 23 individuals. The data was released by a Swiss-based developer who apparently was unaware it was sensitive.

Cyberwarfare / Nation-State Attacks

6 Takeaways: Russian Spies Accused of Destructive Hacking

Mathew J. Schwartz • October 20, 2020

U.S. officials have accused the Russian government of behaving "maliciously or irresponsibly" by taking steps such as crashing Ukraine power grids in the dead of winter and causing more than $10 billion in damages via NotPetya malware. But why make the accusations now? And how might Moscow respond?

Cyberwarfare / Nation-State Attacks

Cybersecurity's Inconvenient Truth: The Nation-State Threat

Tom Field • October 20, 2020

Has the nation-state threat become like the weather - something everyone talks about, but no one can do anything about? It's time for a strategic change. A panel of experts offers a frank discussion of nation-state actors, their ongoing intrusions and what "taking off the gloves" might look like.

Cyberwarfare / Nation-State Attacks

6 Russians Indicted for Destructive NotPeyta Attacks

Scott Ferguson , Doug Olenick • October 19, 2020

The U.S. Justice Department unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking operations, including deploying destructive NotPetya malware - tied to more than $10 billion in damages - and attacking the 2018 Olympics.

Governance & Risk Management

Sensitive Voicemail Transcripts Exposed

Marianne Kolbasuk McGee • October 19, 2020

A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.