Huawei Gets 90-Day Reprieve on Ban

Scott Ferguson • May 21, 2019

The U.S. Commerce Department will offer a 90-day reprieve to a handful of companies that conduct business with Huawei before the Trump administration's ban on the use of the Chinese company's technologies fully kicks in, the Wall Street Journal reports. Meanwhile, Google announces it will continue to work with Huawei.

Fraud Management & Cybercrime

Equifax's Data Breach Costs Hit $1.4 Billion

Latest

Data Loss

Database May Have Exposed Instagram Data for 49 Million

Jeremy Kirk • May 21, 2019

There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

Cyberwarfare / Nation-state attacks

DHS Reportedly Warns of Chinese-Made Drones Stealing Data

Scott Ferguson • May 20, 2019

The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.

Governance

Cybersecurity's Week From Hell

Mathew J. Schwartz • May 20, 2019

Multiple flaws - all serious, exploitable and some already being actively exploited - came to light last week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?

Governance

Researchers: Aircraft Landing Systems Vulnerable

Jeremy Kirk • May 17, 2019

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.

Governance

WhatsApp's Spyware Problem

Nick Holland • May 17, 2019

The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.

Breach Preparedness

Trump Signs Executive Order That Could Ban Huawei

Jeremy Kirk • May 16, 2019

U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.

Cybercrime

Surge in JavaScript Sniffing Attacks Continues

Scott Ferguson • May 16, 2019

The magazine subscription page for Forbes magazine and two web service platforms were hit with separate skimming attacks this week, security researchers say. Attackers are increasingly using JavaScript sniffing to steal credit card and other personal data.

Governance

To Prevent Another WannaCry, Microsoft Patches Old OSs

Jeremy Kirk • May 15, 2019

Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.

Cybercrime

Hack of Japanese Retailer Exposes 460,000 Customer Accounts

Scott Ferguson • May 15, 2019

Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.

Governance

Cisco's 'Thrangrycat' Router Flaw Tough to Neuter

Jeremy Kirk • May 14, 2019

Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.

Anti-Malware

Ransomware Increasingly Hits State and Local Governments

Scott Ferguson • May 14, 2019

Over the past two years, the number of ransomware attacks against state and local government agencies has increased. But at the same time, these victims are paying less to attackers. A new analysis by threat intelligence firm Recorded Future asks: Why the discrepancy?

Authentication

Anthem Cyberattack Indictment Provides Defense Lessons

Marianne Kolbasuk McGee • May 13, 2019

The indictment of two Chinese men for a 2014 cyberattack on health insurer Anthem that compromised information on nearly 80 million individuals contains extensive details about the incident that security professionals can use to help with their breach prevention strategies.