The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year.
Artificial intelligence is playing an important role in the fight against payment card fraud, says Gord Jamieson, senior director of Canada risk services at Visa. He'll offer a keynote presentation on the latest fraud trends at Information Security Media Group's Cybersecurity Summit in Toronto Sept 24-25.
As part of the U.S. government's continuing efforts to highlight the North Korean government's cyberattacks, the U.S. Treasury Department has sanctioned three alleged North Korean hacking groups that have been blamed for the WannaCry ransomware, online bank heists and destructive malware attacks.
Because banks, fintech firms, merchants and payments processors in the EU have struggled to meet the Sept. 14 deadline for compliance with the new PSD2 "strong customer authentication" requirements for electronic payments, it may take a while for European consumers to notice authentication changes.
Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.
Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high."
This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends.
Two years after WannaCry wreaked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.
"Cobalt Dickens," a threat group with suspected ties to Iran, is continuing its attempts to steal intellectual property from schools and universities, according to an analysis by SecureWorks. The group's work continues even though several alleged members have been indicted by the Justice Department.
The Australian government is looking to update its national cybersecurity strategy by 2020. In preparation, it's released a discussion paper that seeks input from citizens, the business community, academics and other stakeholders.
A global law enforcement operation has resulted in the arrest of 281 suspects allegedly involved in business email compromise scams. The announcement comes on the same day as the FBI's Internet Crime Complaint Center says that losses from BEC scams have hit $26 billion and are continuing to rise.
A Chinese advanced persistent threat group dubbed "Thrip" has attacked at least 12 organizations in Southeast Asia since being exposed last year, Symantec researchers say. The group appears to be linked to Billbug, another Chinese APT group that has been around for a decade.
Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service, according a recently released report. The incident illustrates potential weaknesses in the power grid.