Source: Group-IB

Joker's Stash Celebrates Turkey Day With Stolen Card Data

Mathew J. Schwartz • December 11, 2019

The notorious Joker's Stash carder marketplace has recently listed for sale 460,000 records, including four "Turkey-Mix" batches that feature never-before-seen payment card data that traces to Turkey's 10 largest banks, says cybersecurity firm Group-IB.

Account Takeover

TrueDialog Unsecure Database Exposes SMS Data: Report

Latest

Endpoint Security

Intel Chips Vulnerable to 'Plundervolt' Attack

Jeremy Kirk • December 11, 2019

Intel issued a firmware update on Tuesday to mitigate an attack developed by researchers, dubbed Plundervolt, which uses voltage fluctuations to reveal secrets such as encryption keys. The findings are the latest bad news for Intel as researchers have dug deep into its chip architecture.

Endpoint Security

McAfee Considers Purchase of NortonLifeLock: Report

Akshaya Asokan • December 11, 2019

McAfee's ownership team is exploring a deal to acquire NortonLifeLock, the renamed, publicly traded firm that was formerly the consumer and small business security division of Symantec, according to the Wall Street Journal, which cites "people familiar with the matter."

Business Continuity Management / Disaster Recovery

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut

Jeremy Kirk • December 10, 2019

Emsisoft has spotted a buggy decryptor for the Ryuk ransomware and developed a custom tool to fix it. But victims will still have to pay the ransom to recover files.

Cybercrime

Vietnamese APT Group Targets BMW, Hyundai: Report

Akshaya Asokan • December 10, 2019

German automaker BMW was hit by suspected Vietnamese hackers in an apparent industrial espionage attack, German media outlet Bayerischer Rundfunk reports, adding that the same attackers apparently also targeted South Korea's Hyundai. Experts say Vietnamese government-backed APT attackers are on the rise.

Encryption & Key Management

Quantum-Proof Cryptography: What Role Will It Play?

Suparna Goswami • December 10, 2019

CISOs need to begin investigating the use of quantum-proof cryptography to ensure security is maintained when extremely powerful quantum computers that can crack current encryption are implemented, says Professor Alexander Ling, principal investigator at the Center for Quantum Technologies in Singapore.

Finance & Banking

A $200,000 Internet Fraud: Will Anyone Investigate?

Jeremy Kirk • December 9, 2019

Internet crime has grown so rapidly that law enforcement is outpaced. Here's the story of how a Manhattan doctor lost $200,000 in an internet scam, and why he's struggling to get law enforcement's attention.

Cybercrime

Wiper Malware Targets Middle Eastern Energy Firms: Report

Akshaya Asokan • December 6, 2019

A new malware campaign suspected of being tied to Iran has been targeting companies in the energy and industrial sectors in the Middle East, according to a report from IBM X-Force.

Artificial Intelligence & Machine Learning

AI, Machine Learning and Robotics: Privacy, Security Issues

Marianne Kolbasuk McGee • December 6, 2019

The use of artificial intelligence, machine learning and robotics has enormous potential, but along with that promise come critical privacy and security challenges, says technology attorney Stephen Wu.

Endpoint Security

Analysis: Smart TV Risks

Nick Holland • December 6, 2019

The latest edition of the ISMG Security Report offers an analysis of the FBI's security and privacy warnings about smart TVs. Also featured: discussions on the security of connected medical devices and strategies for fighting synthetic identity fraud.

Cybercrime

Skimming Campaign Leveraged Heroku Cloud Platform: Report

Akshaya Asokan • December 5, 2019

Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.

3rd Party Risk Management

John Halamka on Privacy, Security of Mayo Clinic Platform

Marianne Kolbasuk McGee • December 5, 2019

In an in-depth interview, John Halamka, M.D., the former long-time CIO at Beth Israel Deaconess Medical Center in Boston, discusses his upcoming move to head Mayo Clinic's global digital health initiative in collaboration with Google - and why privacy and security are so critical to those efforts.

Endpoint Security

Cybersecurity Defenders: Channel Your Adversary's Mindset

Mathew J. Schwartz • December 4, 2019

A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy.