Etay Maor, chief security officer, IntSights

The Dark Web's Automobile Hacking Forums

Jeremy Kirk • November 14, 2019

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

Cybercrime

Following Massive Breach, Capital One Replacing CISO: Report

Latest

Cybercrime

7 Takeaways: Insider Breach at Twitter

Mathew J. Schwartz • November 15, 2019

Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.

Anti-Phishing, DMARC

Phishing Campaigns Spoof Government Agencies: Report

Akshaya Asokan • November 15, 2019

A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S. Postal Service, in an effort to plant malware in victims' devices and networks via phishing campaigns, according to new research from Proofpoint.

Cyberwarfare / Nation-State Attacks

Risky Dialing: Trump Call Raises Security Worries

Jeremy Kirk • November 15, 2019

A House impeachment hearing has revealed that President Donald Trump spoke by phone with a key ambassador - who was sitting in a Kiev restaurant - about "investigations." If that mobile phone call was unsecured, security experts say, foreign intelligence agencies could have intercepted it.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Business Continuity Management / Disaster Recovery

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Akshaya Asokan • November 14, 2019

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

Fraud Management & Cybercrime

Multilayered Security Gets Personal

Tom Field • November 13, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Governance

'Devaluing' Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

PCI Standards

Verizon: Companies Failing to Maintain PCI DSS Compliance

Nick Holland • November 12, 2019

Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings.

Governance

Insider Threat: Greater Risk Mitigation Required

Mathew J. Schwartz • November 11, 2019

Too many organizations are still failing to prioritize mitigating the risk posed by insiders, whether they're malicious actors or model employees who make mistakes that unintentionally lead to a data breach, says Veriato's Chris Gilkes.

General Data Protection Regulation (GDPR)

Privacy Nirvana: Some Assembly Still Required

Mathew J. Schwartz • November 11, 2019

Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.

Governance

Data Breach Defense: Email and File Lockdown

Mathew J. Schwartz • November 11, 2019

Preventing data breaches requires safeguarding information, and for many organizations that means having strong controls in place to protect email as well as files, says Zivver's Olivier Paling.

Governance

'Digital Climate Change': An Inconvenient Truth

Mathew J. Schwartz • November 11, 2019

Too many organizations continue to use digital assets and infrastructure even when they can see that they have information security problems and deficiencies that they're failing to fix, says cybersecurity expert John Walker.