Lessons from Microsoft’s 250 million data record exposure
2020-01-24 10:08

Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. Once alerted, Microsoft quickly closed the hole, investigated the breach, communicated to customers, and graciously thanked the security researchers.

Analysis: New Details on the Hacking of Jeff Bezos' iPhone
2020-01-24 09:33

The latest edition of the ISMG Security Report offers an analysis of fresh details on the hacking of Amazon CEO Jeff Bezos' iPhone. Also featured: an update on Microsoft's exposure of customer...

Russian Pleads Guilty in Virginia to Large-Scale Card Fraud
2020-01-24 06:19

A Russian national pleaded guilty Thursday to running a website that helped people commit more than $20 million in credit-card fraud. Aleksei Burkov, 29, of St. Petersburg, Russia, entered the plea to charges including fraud and money laundering in a federal court in Alexandria.

Safari's Intelligent Tracking Prevention Fails to Prevent Tracking
2020-01-24 06:01

The privacy mechanism implemented by Apple's Safari browser to prevent user tracking across websites is not efficient at protecting users' privacy, Google security researchers have discovered. Called Intelligent Tracking Prevention, the system is meant to prevent websites commonly loaded in a third-party context from receiving identifiable information about the user.

CISOs: Make 2020 the year you focus on third-party cyber risk
2020-01-24 06:00

If there is one work-related New Year's resolution I'd like CISOs to make as we enter 2020, it's to give the challenge of third-party cyber risk the attention it needs. If CISOs continue to focus cybersecurity tools and resources within the company perimeter, they are fighting the wrong battle in an increasingly multi-front cybersecurity war.

Over half of organizations were successfully phished in 2019
2020-01-24 05:30

Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals' continued focus on compromising individual end users, a Proofpoint survey reveals. The volume of reported messages jumped significantly year over year, with end users reporting more than nine million suspicious emails in 2019, an increase of 67 percent over 2018.

Some Hackers Take the Ransom and Run: Researchers
2020-01-24 05:24

Paying off hackers after a ransomware infection could end up being a total loss, according to a study released Thursday which finds some attackers just take the money and run. A survey by researchers at the security firm Proofpoint found that 33 percent of organizations infected with ransomware opted to pay the ransom.

More authentication and identity tech needed with fraud expected to increase
2020-01-24 05:00

The proliferation of real-time payments platforms, including person-to-person transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks. "While the convenience of real-time payments is great news for customers, increasingly, banks have zero time to clear a transaction or payment. AI can't slow down the clock, but it can help create systems that are radically quicker to recognize a transaction that smells likely to be fraudulent," said Dan McConaghy, president of FICO in Asia Pacific.

Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty
2020-01-24 04:40

A 29-year-old Russian scumbag has admitted masterminding the Cardplanet underworld marketplace as well as a second forum for elite fraudsters. Aleksei Burkov appeared in a US federal district court in Virginia this week to plead guilty to access device fraud, and conspiracy to commit computer intrusion, identity theft, wire and access device fraud, and money laundering.

BigID launches Discovery-In-Depth technology to provide orgs with visibility into PI and sensitive data
2020-01-24 04:00

BigID, the leader in personal data privacy and protection, announced their Discovery-In-Depth technology to provide organizations with unprecedented visibility and insight into personal and crown jewel data. The new technology builds on BigID's patented Correlation technology for finding any Personal Information and sensitive data, across any data store or pipeline, and correlating it back to a person so as to address critical CCPA and GDPR use cases like personal data rights.