The House of Commons released this photograph in response to Facebook CEO Mark Zuckerberg's failure to testify on Nov. 27. 2018, before its probe into disinformation and "fake news."

Facebook Smackdown: UK Seeks 'Digital Gangster' Regulation

Mathew J. Schwartz • February 20, 2019

Technology giants stand accused by a U.K. parliamentary committee of risking democracy in pursuit of profit, acting as monopolies and blocking attempts to hold them accountable. But Parliament's probe into disinformation and "fake news" reserves special scorn for Facebook CEO Mark Zuckerberg.

Business Continuity/Disaster Recovery

US Air Force Veteran Charged in Iran Hacking Scheme

Latest

Authentication

Password Managers Leave Crumbs in Memory, Researchers Warn

Jeremy Kirk • February 20, 2019

A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Cyberwarfare / Nation-state attacks

Suspected State-Sponsored Hackers Pummel US and Australia

Jeremy Kirk • February 19, 2019

Recent apparently state-sponsored hack attacks have hit dozens of companies in the U.S. and political parties in Australia. Officials say China and Iran appear to have escalated their online espionage campaigns, seeking to gather better intelligence and steal intellectual property.

Blockchain & Cryptocurrency

Protecting Cryptocurrency in the Era of 'Deep Fakes'

Nick Holland • February 15, 2019

The latest edition of the ISMG Security Report highlights how thieves can use "deep fake" photos in an attempt to steal cryptocurrency. Also featured: A discussion of the implications of "data gravity" and an analysis of whether the era of mega-breaches is ending.

Anti-Fraud

Roses Are Red, Romance Scammers Make You Blue

Mathew J. Schwartz • February 14, 2019

This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017, while in the U.K., Action Fraud says reported romance scam losses in 2018 topped $64 million.

Cloud Security

Data Gravity: Will It Weigh Down Cloud Security?

Nick Holland • February 13, 2019

The 2019 RSA Conference offers an opportunity to learn about new concepts across all aspects of cybersecurity. One such area is "data gravity," which will be the topic of a session featuring Microsoft's Diana Kelley and Sian John. They discuss the concept in a joint interview.

Breach Preparedness

Battling Big Breaches: Are We Getting Better?

Mathew J. Schwartz • February 13, 2019

What if organizations' information security practices have gotten so good that they're finally repelling cybercriminals and nation-state attackers alike? Unfortunately, the five biggest corporate breaches of the past five years - including Yahoo, Marriott and Equifax - suggest otherwise.

Application Security

Major Flaw in Runc Poses Mass Container Takeover Risk

Jeremy Kirk • February 12, 2019

Red Hat, Amazon and Google have issued fixes for a serious container vulnerability. The flaw in the "runc" container-spawning tool could allow attackers to craft a malicious container able to "break out" and gain root control of a host system, potentially putting thousands of other containers at risk.

Cybercrime

No-Deal Brexit Threatens British Crime Fighting

Mathew J. Schwartz • February 12, 2019

British police say they're doing their best to cope with the possibility that the U.K. will crash out of the EU in 45 days and lose access to joint policing resources. But Richard Martin of the Met Police says replacements "will not be as efficient or effective as the tools we currently use."

Endpoint Security

Apple Update: Drop Everything and Patch iOS

Mathew J. Schwartz • February 8, 2019

Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FalmPalm" bug in Group FaceTime. Apple says it compensated the teenager who reported the FaceTime flaw and gave him an extra gift toward his tuition.

Cybercrime

Hack Attack Breaches Australian Parliament Network

Mathew J. Schwartz • February 8, 2019

Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.

Critical Infrastructure Security

Assessing US Vulnerability to a Nation-State Cyberattack

Nick Holland • February 8, 2019

The latest edition of the ISMG Security Report features a summary of alarming new findings about the ability of the U.S. to counter a nation-state malware attack. Plus, a discussion of "fusion centers" at banks and an update on the targeting of Webstresser subscribers.

Big Data

German Antitrust Office Restricts Facebook Data Processing

Mathew J. Schwartz • February 7, 2019

Germany's competition authority, the Bundeskartellamt, has prohibited Facebook from combining user data from different sources unless users consent, and it has also prohibited Facebook from blocking users who do not provide this consent. Facebook has one month to appeal the antitrust decision.