Guy Sheppard, general manager of financial services, Aboitiz Data Innovation

Leveraging Interindustry Data to Discover Mule Accounts

Suparna Goswami • July 5, 2022

How can you leverage artificial intelligence and make sense of data from different industries to determine whether a customer is creditworthy or whether an account is a mule account? Guy Sheppard, general manager of financial services at Aboitiz Data Innovation, discusses a case study.

Cryptocurrency Fraud

Preparing for Retaliatory Attacks From Russia

Latest

Governance & Risk Management

Django Software Foundation Patches High-Severity Bug

Mihir Bagwe • July 5, 2022

The Django web framework patched a high-severity vulnerability affecting its main branch and three other versions - 3.2, 4.0 and 4.1. Developers who match inputs against safelists are unaffected. There are more than 91,000 websites using the Django framework, many of them based in the United States.

Breach Notification

Unknown Hacker Steals Data of 1 Billion Chinese Citizens

Prajeet Nair • July 5, 2022

A misconfigured Alibaba private cloud server has led to the leak of around 1 billion Chinese nationals' personal details. An unknown hacker, identified as "ChinaDan," posted an advertisement on a hacker forum selling 23 terabytes of data for 10 bitcoin, equivalent to about $200,000.

Cloud Security

RSA Conference 2022 Compendium: 150+ Interviews and More

• July 5, 2022

Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs. Access 150+ interviews with the top speakers and influencers.

Cryptocurrency Fraud

British Army's Twitter and YouTube Accounts Hijacked

Mihir Bagwe • July 4, 2022

The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.

Breach Notification

Indian Stock Exchanges Have 6 Hours to Report Cyber Incident

Mihir Bagwe • July 1, 2022

India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

3rd Party Risk Management

Malware Disrupts Multiple US State Unemployment Websites

Mihir Bagwe • July 1, 2022

Unemployment benefits websites across the United States are offline after a malware attack was detected at third-party vendor Geographic Solutions Inc. The vendor, which serves dozens of state labor departments, says no personally identifiable information has been affected by the attack.

Email Security & Protection

OpenSea Customer Emails Exposed in Third-Party Breach

Mihir Bagwe • June 30, 2022

Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third-party email delivery vendor.

Biometrics

Token Snags Ex-OneSpan Revenue Leader John Gunn as New CEO

Michael Novinson • June 30, 2022

Token selected former OneSpan CRO John Gunn as CEO to scale the organization and prepare its wearable authentication ring for large-scale production. Gunn is tasked with sourcing the critical components needed to manufacture the ring and building a base of paying clients for the biometric tool.

Governance & Risk Management

The Right Way to Change Your Identity Service Providers

Suparna Goswami • June 30, 2022

Markus Kalka, head of security authentication services at Takeda, talks about the challenges of changing identity service providers and shares the experience of consolidating three services into one at his company, a Japanese multinational pharmaceutical.

CISO Trainings

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

Fraud Management & Cybercrime

Zero Trust Architecture: No Firewalls or VPNs

Anna Delaney • June 30, 2022

The latest edition of the ISMG Security Report describes why firewalls and VPNs don't belong in Zero Trust design. It also discusses cybercriminals' evolving ransomware tactics and the devastating price of responding to a ransomware attack, as experienced by Travelex in 2019.