Bash Bunny - a $100 "USB attack and automation platform" - is one piece of a kit being wielded by hackers who have used malicious hardware to steal from Eastern European banks, Kaspersky Lab warns.

Eastern European Bank Hackers Wield Malicious Hardware

Mathew J. Schwartz • December 10, 2018

Hackers have been plugging inexpensive hardware into banks' local area networks to help perpetrate heists that have stolen tens of millions of dollars, warns Kaspersky Lab. It says that since 2017, the "DarkVishnya" attack campaign has hit at least eight Eastern European banks.

Breach Response

14 Hot Sessions at Black Hat Europe 2018

Latest

Cybercrime

Australia Passes Encryption-Busting Law

Jeremy Kirk • December 7, 2018

Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.

Cybercrime

GOP Hacking Incident: What Happened?

Nick Holland • December 7, 2018

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

Compliance

Legal and Compliance: 3 Questions for CISOs

Tom Field • December 6, 2018

What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.

General Data Protection Regulation (GDPR)

GDPR and You: What's Changed?

Tom Field • December 6, 2018

Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.

3rd Party Risk Management

Applying Secure Multiparty Computation Technology

Geetha Nandikotkur • December 6, 2018

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.

Cyberwarfare / Nation-state attacks

Top Republican Email Accounts Compromised

Jeremy Kirk • December 5, 2018

Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports. Few details have been released about the incident, which was investigated by Crowdstrike.

3rd Party Risk Management

GDPR Compliance: The Role of Vendor Risk Management

Tom Field • December 4, 2018

Why is ramping up vendor risk management such a critical component of compliance with the EU's General Data Protection Regulation? Attorney Steven Teppler provides insights.

Endpoint Security

Smart Cities: The Cybersecurity Challenges

Tom Field • December 4, 2018

"Smart cities" projects face huge cybersecurity challenges as they adopt advanced technologies, including IoT systems, says Adnan Baykal of the Global Cyber Alliance.

Data Breach

Question: Did Quora Hack Expose 100 Million Users?

Mathew J. Schwartz • December 4, 2018

Next to corporate communications that claim that "your security is important to us," any website post titled "security update" portends bad news. So too for question-and-answer site Quora, which says a hack exposed 100 million users' personal details, including hashed passwords and private content.

Audit

Marriott's Mega-Breach: Many Concerns, But Few Answers

Jeremy Kirk • December 3, 2018

Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

Incident & Breach Response

Incident Response: Why a Tabletop Exercise Is Essential

Tom Field • December 3, 2018

Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Breach Response

Marriott's Starwood Reservation Hack Could Affect 500 Million

Marianne Kolbasuk McGee • November 30, 2018

The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.