PIR Bank headquarters in Moscow (Photo: Google)

Bank Hackers Exploit Outdated Router to Steal $1 Million

Mathew J. Schwartz • July 20, 2018

Hackers stole at least $920,000 from Russia's PIR Bank after they successfully compromised an outdated, unsupported Cisco router at a bank branch office and used it to tunnel into the bank's local network, reports incident response firm Group-IB.

Cybercrime

RiskIQ: Ticketmaster Hackers Compromised Widely Used Tools

Latest

Breach Notification

Hackers Grab 1.5 Million Patients' Details in Singapore

Mathew J. Schwartz • July 20, 2018

Singapore's largest healthcare group has suffered a hack attack that exposed 1.5 million residents' personal details. But authorities say the "deliberate, targeted and well-planned attack" appears to have been principally designed to steal medical information pertaining to the country's prime minister.

Cyberwarfare / Nation-state attacks

Trump's Views on Russian Election Meddling: A History

Nick Holland • July 20, 2018

This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.

Cyberwarfare / Nation-state attacks

How Trump Talks About Russian Hacking

Mathew J. Schwartz • July 19, 2018

President Donald Trump has stated that he believes the Russian government attempted to interfere in U.S. elections. But at times, he appears to have also suggested that the interference may be attributable to other countries instead.

Biometrics

Facial Recognition Backlash: Technology Giants Scramble

Mathew J. Schwartz • July 18, 2018

Silicon Valley employees are increasingly calling on executives to restrict the use of facial recognition technology, mobilized in part by the U.S. government's previous policy of separating children from parents at the border. Experts say facial recognition regulations are needed - and quickly.

Cyberwarfare / Nation-state attacks

Trump's DNC 'Server' Conspiracy Rebutted

Mathew J. Schwartz • July 17, 2018

Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server. Some security experts say Trump's response was nonsense and flies in the face of good digital forensics and incident response practice.

Breach Notification

Timehop Reveals Additional Data Compromised by Hacker

Jeremy Kirk • July 16, 2018

Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.

Authentication

Australian Airport Identity Card Issuer Breached

Jeremy Kirk • July 13, 2018

An Australian company that issues identity cards for access to airports has been notifying applicants and cardholders that their personal information may have been compromised, according to a news report. Australian federal police are investigating.

Breach Response

Analysis: California's Groundbreaking Privacy Law

Nick Holland • July 13, 2018

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.

Blockchain Applications

Cryptocurrency Exchange Developer Bancor Loses $23.5 Million

Jeremy Kirk • July 11, 2018

Attackers have stolen $23.5 million in cryptocurrency from Bancor, which is developing a decentralized exchange. The cause of the hack may have been a failure by Bancor to protect authentication keys that allowed for changes in its token smart contracts.

Cybercrime

Evolving Cyberattacks Against Banks

Nick Holland • July 11, 2018

A new kind of cyberattack that targeted financial institutions in Europe and Russia to steal nearly $100 million illustrates how threats are evolving, says Brian Hussey of Trustwave, who discusses mitigation steps.

Breach Response

Timehop: Lack of Multifactor Login Controls Led to Breach

Jeremy Kirk • July 10, 2018

Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.

Fraud Management & Cybercrime

The Battle for Data Integrity

Tom Field • July 10, 2018

Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered? What could be the damage? Diana Kelley of Microsoft discusses the emerging topic of data integrity and how to preserve it.