Cybercrime Tool Prices Continue to Rise on Darknet Sites

Akshaya Asokan • October 17, 2019

The prices for specific types of cybercriminal tools on darknet sites continue to rise, according to a recent analysis by security firm Flashpoint. Payment card and passport data remain the most sought-after commodities on these forums, research shows.

Cybercrime

Imperva's Breach Post-Mortem: API Key Left Exposed

Latest

Cybercrime

Darknet Markets: As Police Crack Down, Cybercriminals Adapt

Nick Holland • October 18, 2019

The latest edition of the ISMG Security Report discusses the shutdown of DeepDotWeb. Plus, dealing with breach fatigue and the Pitney Bowes ransomware attack.

Cybercrime

Phorpiex Botnet Behind Large-Scale 'Sextortion' Campaign

Apurva Venkat • October 17, 2019

Scammers are using the notorious Phorpiex botnet as part of an ongoing "sextortion" scheme, according to Check Point researchers. At one point, the botnet was sending out over 30,000 spam emails an hour and the attackers made about $110,000 in five months, researchers say.

3rd Party Risk Management

Robotic Process Automation: Security Essentials

Suparna Goswami • October 17, 2019

Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.

Application Security

How 'Zero Trust' Better Secures Applications and Access

Jeremy Kirk • October 17, 2019

Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.

Blockchain & Cryptocurrency

'Graboid' Cryptojacking Worm Spreads Through Containers

Jeffrey Burt • October 16, 2019

Attackers are using Docker containers to spread a cryptojacking worm in a campaign dubbed "Graboid," according to researchers at Palo Alto Network's Unit 42 threat research unit. Although the researchers describe the campaign as "relatively inept," they says it has the potential to become much more dangerous.

Blockchain & Cryptocurrency

Phony Company Used to Plant macOS Malware: Report

Apurva Venkat • October 16, 2019

Security researchers have found that a hacking group, which may have North Korean ties, recently created a phony company offering a cryptocurrency exchange platform as a step toward planting malware on the macOS devices of employees of cryptocurrency exchanges.

CISO Trainings

The Ultimate Missing Link in Cyber: Continuous Compromise Assessment

Information Security Media Group • October 16, 2019

According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization...

Endpoint Security

IoT in Vehicles: The Trouble With Too Much Code

Jeremy Kirk • October 16, 2019

The threat and risk surface of internet of things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of BlackBerry. Large code bases, which likely have many hidden software bugs, are part of the problem, he says.

Blockchain & Cryptocurrency

Libra Association Launched Amidst Defections, Congressional Scrutiny

Akshaya Asokan • October 15, 2019

The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.

Cybercrime

FIN7 Gang Returns With New Malicious Tools: Researchers

Apurva Venkat • October 15, 2019

Despite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.

Governance

Report: Hackers Spied on Moroccan Human Rights Activists

Akshaya Asokan • October 15, 2019

Hackers apparently used sophisticated spying tools to plant malware on the smartphones of two human rights activists in Morocco, according to Amnesty International.

3rd Party Risk Management

Analysis: New ISO Privacy Standard

Suparna Goswami • October 15, 2019

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.