Security News > 2020 > July

The U.S. Secret Service has created the Cyber Fraud Task Forces, aimed at preventing, detecting and mitigating complex cyber-enabled financial crime - including making arrests and convictions. The Electronic Crimes Task Forces and the Financial Crimes Task Forces, the division said in a recent media statement.

Digicert is one of the Big Five commercial CAs, short for certificate authorities - companies that sign and vouch for the digital certificates that put the the S in HTTPS and the padlock in your browser's address bar. The simplest form of web certificate is called self-signed, and anyone can create a self-signed certificate in seconds that claims to represent any web property they like.

An Israeli court Monday rejected a bid by rights group Amnesty International to revoke the export license of spyware firm NSO Group over hacking allegations. NSO has faced multiple accusations of cyber-espionage on human rights activists and others, including by the messaging service WhatsApp, which is suing the company in a US court.

The United States Secret Service has announced the launch of a Cyber Fraud Task Force, created through the merger of the Electronic Crimes Task Forces and Financial Crimes Task Forces. "The creation of the new Cyber Fraud Task Force, will offer a specialized cadre of agents and analysts, trained in the latest analytical techniques and equipped with the most cutting-edge technologies. Together with our partners, the CFTFs stand ready to combat the full range of cyber-enabled financial crimes," Michael D'Ambrosio, Assistant Director, U.S. Secret Service, commented.

Microsoft's social-media-for-suits tentacle, LinkedIn, has attracted legal fire for allegedly peering at the clipboard of iOS devices. As well as doubtless making the podcast app a bit worse, the upcoming version of Apple's mobile OS also features a bunch of privacy features, including a notification telling the user when an app is reading from the device's clipboard.

A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call "a new age" of business email compromise. On July 15 at 2 p.m. ET, join Valimail Global Technical Director Steve Whittle and Threatpost for a FREE webinar, "DMARC: 7 Common Business Email Mistakes." This technical "Best practices" session will cover constructing, configuring, and managing email authentication protocols to ensure your organization is protected.

The way forward is a system that can monitor data in real time and even predict threats before they happen, according to Gurucul CEO Saryu Nayyar and COO Craig Cooper, who both recently participated in a Threatpost editorial webinar devoted to how businesses can protect against insider threats. Cooper offers a raft of independent survey data on business attitudes on insider threats as well as attack data; and follows with insights into best practices for addressing the risk, including examples of how one hospital group in Minneapolis, Minn. was able to come up with a game plan to secure Tom Brady's medical records from the tabloids during the ramp-up to the 2018 Super Bowl.

A couple of years back, Gartner introduced CARTA - a strategic approach to information security. In this document, we talk about CARTA as it applies to Web Application Security and Indusface, applicable more to threat assessment and mitigation and not as much to trust.

A Russian national accused of hacking into online platforms LinkedIn, Formspring, and Dropbox was found guilty by a United States jury last week. The man, Yevgeniy Aleksandrovich Nikulin, 32, was arrested in 2016 in the Czech Republic, and remained incarcerated there for two years, before being extradited to the U.S. In 2016, U.S. authorities charged Nikulin with accessing without authorization the systems of LinkedIn, Dropbox and Formspring in 2012, using stolen employee credentials.

U.S. President Donald Trump has confirmed that a cyberattack was launched in 2018 against a Russian company believed to be behind some major disinformation campaigns, including ones targeting elections. The Washington Post reported in February 2019 that the U.S. Cyber Command, supported by the NSA, had launched an attack on the Internet Research Agency, a Saint Petersburg-based firm that is said to conduct online influence operations for the Russian government.