Tennis Warehouse is one of the largest brands operated by Sports Warehouse

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Mathew J. Schwartz • May 29, 2023

Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.

Cybercrime

Profiles in Leadership: Michael D'Ambrosio

Latest

Card Not Present Fraud

Invoice and CEO Scams Dominate Fraud Impacting Businesses

Mathew J. Schwartz • May 29, 2023

Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

Cybercrime

Latitude Financial Attack Costs Company Up to AU$105 Million

Mihir Bagwe • May 26, 2023

Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack.

Security Operations

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson • May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

Cyberwarfare / Nation-State Attacks

Pegasus Spyware Spotted in Nagorno-Karabakh War

Jayant Chakravarti • May 26, 2023

Digital rights organizations detected Pegasus spyware on the devices of members of Armenian civil society during the outbreak of armed conflict over a disputed region in the South Caucasus region. Access Now called the infections the first known instance of Pegasus spyware use during war.

Fraud Management & Cybercrime

Medical Specialty Practice Says Recent Hack Affects 224,500

Marianne Kolbasuk McGee • May 26, 2023

An upstate New York medical specialty practice has reported to regulators that the information of nearly 224,500 employees and patients was compromised in a hacking incident discovered in March. Ransomware group RansomHouse claims to have downloaded 2 terabytes of the entity's data.

Artificial Intelligence & Machine Learning

OpenAI CEO Altman 'Blackmails' EU Over AI Regulation

Akshaya Asokan • May 26, 2023

ChatGPT will continue to operate inside the European Union despite warnings from OpenAI CEO Sam Altman that he's prepared to pull out from the bloc if he doesn't like regulations being prepared in Brussels. European lawmakers earlier this month proposed new obligations for AI models such as GPT.

Cyberwarfare / Nation-State Attacks

ISMG Editors: How Ukraine's Cyber Defenders Prepped for War

Anna Delaney • May 26, 2023

In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.

Fraud Management & Cybercrime

OAuth Flaw Exposed Social Media Logins to Account Takeover

Prajeet Nair • May 25, 2023

A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.

Blockchain & Cryptocurrency

Cryptohack Roundup: Tornado Cash Hack

Rashmi Ramesh • May 25, 2023

Between May 19 and 25, a hacker took control of Tornado Cash and stole $1 million, plaintiffs in a Coinbase-bankrolled lawsuit pressed for summary judgment, attackers used crypto phishing as a service to steal $6 million, Trezor hot wallet was found to possibly be buggy and Celer patched a bug.

Fraud Management & Cybercrime

Breach Roundup: Barracuda ESG Appliance Users Face Hacking

Mihir Bagwe • May 25, 2023

In the days between May 19 and May 25, the spotlight was on flaws in Barracuda Networks Email Security Gateway appliances, another GoAnywhere data breach that affected Franklin Templeton Canada and an American teenager out on bail and facing federal charges for hacking DraftKings accounts.

DDoS Protection

Mass Exploitation of Zyxel Network Appliances Underway

Mathew J. Schwartz • May 25, 2023

Versions of the Mirai botnet are targeting a vulnerability present in numerous Zyxel network devices. Zyxel patched the vulnerability in April but it's not clear how many users have applied the fix. Security experts warn the flaw appears to be exploited at a massive scale.

General Data Protection Regulation (GDPR)

5 Years of GDPR: Criticism Outweighs Positive Impact

Akshaya Asokan , Anna Delaney • May 25, 2023

Five years after the effective date of the General Data Protection Regulation, the European Union privacy law - hailed as a way to protect the privacy of citizens in an increasingly digital world - continues to be marred by criticism over its lack of effectiveness and uneven implementation.