COVID-19 Resource Center: Latest News and Insights on the Novel Coronavirus and Cybersecurity Response

The COVID-19 pandemic has changed how we all live and work, creating the largest remote workforce in history. Never have topics such as identity and access management, device security and business resiliency been more critical. Use this COVID-19 Resource Center for the latest updates and opinions on the virus, its influence on the threat landscape and how global organisations can improve response.

OnDemand Webinar | For Retail : Preventing Application Fraud while Removing User Friction

Information Security Media Group • October 13, 2021

Watch this onDemand webinar which includes a focused retail case study on fighting fraud & user friction.

Application Security & Online Fraud

OnDemand Webinar | Fraud ROI for Ecommerce: Drive More Revenue with Fewer False Positives

Application Security & Online Fraud

Fraud Transformation: Balancing Business and Customer Needs

Securing Digital Transformation for Legacy Systems

Latest

Fraud Management & Cybercrime

Ransomware: A Problem of Excesses

Tom Field • September 29, 2021

You can't decrease the motivation of ransomware attackers. But you can curb their success by bolstering your own enterprise's approach to access, credentials and privileges. Morey Haber and James Maude of BeyondTrust share insights on ransomware defense.

Cryptocurrency Fraud

SEC Chair Pushes for Additional Cryptocurrency Regulations

Dan Gunderman • September 14, 2021

U.S. SEC Chair Gary Gensler testified before the Senate on Tuesday and again called for comprehensive cryptocurrency regulations, citing a need to reduce cybersecurity risks, other market risks, and criminal efforts to defraud investors, while simultaneously advancing the space.

Fraud Management & Cybercrime

New York Vaccine Passport App Stored Forged Credentials

Dan Gunderman • September 14, 2021

A recently patched flaw in a mobile app allowing N.Y. residents to acquire and store a COVID-19 vaccine credential did not validate user input properly and stored forged verifications, according to security researchers. Experts say similar flaws could have dire consequences.

Fraud Management & Cybercrime

Transforming an Organization's Security Culture

Anna Delaney • September 10, 2021

Bobby Ford of Hewlett Packard Enterprise says that too often when an organization engages with security, it happens in an ad hoc way. He describes his mission to create a Cybersecurity Center of Excellence to streamline the organization's security incident management and response processes.

Fraud Management & Cybercrime

2 Data Leaks Reported in Indonesia's COVID-19 Tracking Apps

Soumik Ghosh • September 7, 2021

The personal data of at least 1.3 million Indonesian residents, stored on two government-developed COVID-19 tracking apps, PeduliLindungi and eHAC, has been leaked online, according to security researchers. President Joko Widodo is among those affected.

Fraud Management & Cybercrime

Taliban’s Takeover of Kabul: Biometric Fallout Concerns

Mathew J. Schwartz • September 2, 2021

As the last U.S. military flight lifted off Tuesday evening from the airport in Kabul, Afghanistan, what's been left behind reportedly includes a vast trove of biometric data that could be used to identify - including for interrogation or execution - individuals who assisted the occupying NATO forces.

Email Security & Protection

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Rashmi Ramesh • August 30, 2021

A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY. The malicious messages appear to come from victims' HR...

Endpoint Security

Data Breach Culprits: Phishing and Ransomware Dominate

Mathew J. Schwartz • August 27, 2021

Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports. The U.K. government has also been caught out by breaches and leaks involving military secrets and CCTV footage from a government building.

Access Management

Misconfigured Microsoft Power Apps Spill Sensitive Data

Jeremy Kirk • August 24, 2021

At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Power Apps, a Microsoft service to quickly spin up web apps. Microsoft has now changed default settings for Power Apps to prevent inadvertent data exposures.

Governance & Risk Management

ISMG Editors’ Panel: Government Cybersecurity Challenges

Anna Delaney • August 6, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including improving federal agencies' cybersecurity and businesses recovering from the pandemic's impact.

Fraud Management & Cybercrime

Analysis: Oh, the Lies Ransomware Operators Tell

Anna Delaney • August 6, 2021

The latest edition of the ISMG Security Report features an analysis of how ransomware attackers share about their inclinations, motivations and tactics. Also featured: The rise of integrity attacks; dispelling vaccine myths.

Endpoint Security

IoT Security Dangers Loom as Office Workers Return

Doug Olenick • July 24, 2021

With corporate America beginning to ask employees to come back to their offices in the fall, cybersecurity teams have the huge task of ensuring that the work environment is safe. This is particularly true of IoT devices, as many have been left unprotected for months.