Security News

Eliminate guesswork and get in-depth insights and practical recommendations for navigating the ever-changing cybercrime landscape. This data-laden, incident-rich report delivers insider information on the players, their motivations, tactics and targets so you can make informed security strategy decisions.

A newly released report offers a glimpse into how European Union authorities are applying the General Data Protection Regulation to some of the biggest U.S. technology firms, including social media giants Facebook and Twitter. What makes Ireland a bellwether for GDPR is that many U.S. technology firms, including Apple, Facebook and Google, have designated Ireland as their "Main establishment" in the EU. Under GDPR, that enables them to qualify for a one-stop-shop mechanism, which ensures that the data protection authority in that country takes the lead on any EU privacy investigations.

Like many other BEC scammers, this group primarily runs its activities from Nigeria, but it also has operations in Ghana and Kenya, according to the report. Although the BEC gang originally focused on more traditional check fraud when it started operations in 2013, the group switched to BEC schemes starting around mid-2017, the researchers determined.

Specification of the part played by SSH abuse within a breach report is rare despite compromised machine identities being used by attackers to hide their malicious activity, evade security controls and steal a wide range of confidential data. In a report sponsored by cryptographic key and digital certificate management firm Venafi, AIR Worldwide suggests the cost to U.S. business is between $15 billion and $21 billion; or between 9% to 13% of the total U.S. economic loss caused by cyber events.

Security teams are also more confident about their data breach response plans, even though the number is only 57%. Experian and the Ponemon Institute shared the state of data breaches and defenses against these attacks in the seventh annual "Is Your Company Ready for a Big Data Breach?" report. Experian has firsthand experience with a massive data breach.

A U.S. Defense Department agency that's responsible for providing secure communications and IT equipment for the president and other top government officials says a data breach of one of its systems may have exposed personal data, including Social Security numbers. While Defense Department officials did not provide specifics about the data breach, such as when it happened or how many individuals may have been affected, the notification letter refers to a data breach of a system hosted by the agency.

The phishing campaign apparently started earlier this year and has since slowed down, according to IBM. SMS Phishing. In their report, IBM researchers attribute the increasing spread of Emotet to a group that they refer to as the "Mealybug gang." After a lull of several months, Emotet resurfaced in September 2019, and it has been spreading rapidly since.

More than 400 vulnerabilities affecting industrial control systems were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos. Dragos analyzed 438 ICS vulnerabilities covered in 212 security advisories, roughly the same as in the previous year.

A newly identified hacking group has been targeting gambling companies in Asia, the Middle East and Europe, using backdoors to steal source code and other data, according to new research from security firm Trend Micro. The APT group was first discovered in the summer of 2019 by the consultancy Talent-Jump Technologies, which was conducting an incident response operation for a client located in the Philippines when it came across a never-before-seen backdoor connected to these hackers, according to the Trend Micro report.

Hackers have posted on an underground forum the personal information of 10.6 million MGM Resorts guests, ZDNet reports. On Thursday, a MGM Resorts spokesperson confirmed to Information Security Media Group that the company was hit by a data breach in the summer of 2019, when attackers accessed a "Cloud server" that contained some details about guests who had visited the company's hotels and resorts.