Nicholas Palmer, head of international business development at Group-IB

Protecting Ecommerce Sites From Card Data Theft

Suparna Goswami • February 18, 2020

The posting of Indian payment card details for sale on the dark web is increasing. That's why it's so important that ecommerce sites check their systems for vulnerabilities, says Nicholas Palmer, head of international business development at Group-IB.

General Data Protection Regulation (GDPR)

India's Proposed Budget: The Data Security Priorities

Latest

Cybercrime

Unpatched VPN Servers Hit by Apparent Iranian APT Groups

Scott Ferguson • February 18, 2020

Unpatched Fortinet, Palo Alto and Pulse Secure VPN servers, as well as Citrix gateways, continue to be targeted by hackers, who are exploiting critical flaws to install backdoors inside corporate networks. Security firm ClearSky warns that apparent Iranian APT attackers are the latest to join the fray.

Cybercrime

Google Removes 500 Chrome Extensions Tied to Malvertising

Apurva Venkat • February 17, 2020

Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security. The thefts were part of a malvertising campaign that had been active for at least a year, the researchers say.

Business Continuity Management / Disaster Recovery

IBM Exits RSA Conference 2020 Over Coronavirus Worries

Mathew J. Schwartz • February 17, 2020

With IBM and seven other sponsors withdrawing from next week's RSA Conference 2020 - as worries over the China-centered outbreak of the coronavirus continue - will others follow suit?

Cyberwarfare / Nation-State Attacks

US Charges Huawei With Stealing Trade Secrets

Ishita Chigilli Palli • February 14, 2020

The U.S. Justice Department has filed new charges against Huawei and several of its subsidiaries, plus its CFO, accusing them of engaging in a conspiracy to steal trade secrets from American companies.

Application Security

Analysis: Indictments in Equifax Hack

Nick Holland • February 14, 2020

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.

Events

RSA Conference 2020: ISMG Spotlights Security Leaders

Scott Ferguson • February 14, 2020

Information Security Media Group, a premier media partner at the annual RSA Conference, will conduct over 200 video interviews at this year's event with cybersecurity thought leaders, executives, CISOs and sponsors.

Cyberwarfare / Nation-State Attacks

US Has Evidence of Huawei Backdoor: Report

Ishita Chigilli Palli • February 13, 2020

As the U.S. ramps up pressure on its allies to ban equipment from Chinese manufacturer Huawei from their 5G networks, U.S. officials now say they have evidence that the firm has created a backdoor that allows it to access mobile phone networks around the world, the Wall Street Journal reports.

Events

RSA 2020: The Show Must Go On

Scott Ferguson • February 13, 2020

While public health concerns over the spread of the coronavirus are leading to the cancellation of some international events, the RSA Conference 2020 will proceed as scheduled in San Francisco Feb. 24-28.

Encryption & Key Management

CIA Secretly Owned Swiss Encryption Firm for Years: Reports

Scott Ferguson • February 12, 2020

Intelligence agencies in the United States and West Germany secretly owned a controlling stake in Swiss firm Crypto AG for decades and used their access to the company's encrypted communications equipment to spy on over 100 countries, including friends and foes alike, according to news reports.

Cybercrime

More Phishing Campaigns Tied to Coronavirus Fears

Ishita Chigilli Palli • February 11, 2020

As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets.

Cybercrime

WiFi: A New Way to Spread Emotet Malware

Akshaya Asokan • February 11, 2020

Security researchers have found that the developers of the Emotet Trojan have created a new way to spread it to more victims - attackers are using unsecured WiFi networks as a way to deliver the malware to more devices.

Governance

NIST Privacy Framework: The Implementation Challenges

Suparna Goswami • February 11, 2020

Although NIST's new privacy framework is agnostic toward any particular privacy law, "it gives organizations building blocks to help them meet any obligations under any particular law or jurisdiction" says Naomi Lefkovitz, a NIST senior privacy adviser.