Stolen Pakistani bank cards are being offered for sale on the Joker's Stash carder forum. (Source: Group-IB)

Big Dump of Pakistani Bank Card Data Appears on Carder Site

Mathew J. Schwartz • February 22, 2019

The notorious carder site Joker's Stash is featuring a fresh batch of Pakistani banks' payment card data with an estimated street value of $3.5 million. Nearly all of the 70,000 bank cards are advertised as being from Meezan Bank, the country's largest Islamic bank, Group-IB reports.

Anti-Malware

Report: UK Believes Risk of Using Huawei Is Manageable

Latest

Application Security

Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites

Mathew J. Schwartz • February 22, 2019

Patch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that attackers can exploit to remotely execute code. The Drupal project team has released updates to fix the problem, which is already being targeted by hackers.

Blockchain & Cryptocurrency

Password Manager Weaknesses Revealed

Nick Holland • February 22, 2019

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.

Authentication

Password Managers Leave Crumbs in Memory, Researchers Warn

Jeremy Kirk • February 20, 2019

A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Cyberwarfare / Nation-state attacks

Suspected State-Sponsored Hackers Pummel US and Australia

Jeremy Kirk • February 19, 2019

Recent apparently state-sponsored hack attacks have hit dozens of companies in the U.S. and political parties in Australia. Officials say China and Iran appear to have escalated their online espionage campaigns, seeking to gather better intelligence and steal intellectual property.

Compliance

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Mathew J. Schwartz • February 15, 2019

The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures. But the social network is alarmed about the proposed settlement agreement's terms and conditions, The Washington Post reports.

Application Security

WannaCry Hero Loses Key Motions in Hacking Case

Jeremy Kirk • February 15, 2019

A famed British computer security researcher has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware. The rulings could complicate the challenges for the defense team of Marcus Hutchins, who remains in the U.S.

Blockchain & Cryptocurrency

Protecting Cryptocurrency in the Era of 'Deep Fakes'

Nick Holland • February 15, 2019

The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.

Cybercrime

US Air Force Veteran Charged in Iran Hacking Scheme

Jeremy Kirk • February 14, 2019

A former U.S. Air Force counterintelligence agent was indicted for disclosing classified information and helping Iran compromise the computers of other U.S. intelligence agents. The case marks another damaging leak for the American government.

Anti-Fraud

Roses Are Red, Romance Scammers Make You Blue

Mathew J. Schwartz • February 14, 2019

This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017, while in the U.K., Action Fraud says reported romance scam losses in 2018 topped $64 million.

Cloud Security

Data Gravity: Will It Weigh Down Cloud Security?

Nick Holland • February 13, 2019

The 2019 RSA Conference offers an opportunity to learn about new concepts across all aspects of cybersecurity. One such area is "data gravity," which will be the topic of a session featuring Microsoft's Diana Kelley and Sian John. They discuss the concept in a joint interview.

Breach Preparedness

Battling Big Breaches: Are We Getting Better?

Mathew J. Schwartz • February 13, 2019

What if organizations' information security practices have gotten so good that they're finally repelling cybercriminals and nation-state attackers alike? Unfortunately, the five biggest corporate breaches of the past five years - including Yahoo, Marriott and Equifax - suggest otherwise.

Application Security

Major Flaw in Runc Poses Mass Container Takeover Risk

Jeremy Kirk • February 12, 2019

Red Hat, Amazon and Google have issued fixes for a serious container vulnerability. The flaw in the "runc" container-spawning tool could allow attackers to craft a malicious container able to "break out" and gain root control of a host system, potentially putting thousands of other containers at risk.