The breach perpetrated by two “rogue employees” who worked on the e-commerce platform’s support team illustrates how certain roles within an organization may require more stringent monitoring.
Leaked documents, dubbed the “FinCEN Files,” describe global money laundering of $2 trillion processed by many of the world’s biggest banks between 2000 and 2017. The reveal illuminates the struggle for the financial industry and government to provide ironclad data protection. “This sensational and unprecedented leak clearly demonstrates a wide spectrum of data protection weaknesses…
Ransomware, insecure internet-facing systems and attacks against cloud-based services are among the top threats facing industry this year, according to new and recent threat intelligence reporting. The Q2 threat report released today by Rapid7 and detailing the latest tools and tactics used in cyber campaigns targeting the private sector, pegged the manufacturing sector as the…
The threat of big-money bribery might just affect a company’s threat model and the defense needed to stop those threats.
Twitter’s acknowledgement that a “coordinated social engineering campaign” involving multiple employees was behind a hack of prominent verified accounts raises significant questions as to whether business organizations are implementing effective security controls that limit potential insider threats’ access to back-end administrative tools. The hacking incident — which promoted a cryptocurrency scam and victimized the accounts…
Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…
A hacker reportedly used both bribery and social engineering to gain unauthorized access to a customer support system operated by the popular video game Roblox — illustrating why companies must be on the lookout for employees who fit the mold of an insider threat. The unnamed hacker told Motherboard that they paid one insider to…
Trend Micro was the target of an insider threat that saw about 100,000 of its consumer customers have their account information stolen, sold and used to make scam phone calls. Less than one percent of Trend Micro’s 12 million consumer customers were compromised when an employee improperly accessed their data and then sold it to…
A pair of former Twitter employees – one an engineer and the other a media partnership manager – were busted for accessing users’ account and personal data on behalf of Saudi Arabia to ferret out opponents of the kingdom. Engineer Ali Alzabarah and manager Ahmad Abouammo were charged with operating within the U.S. as agents…
Presidential candidate Tom Steyer’s campaign said it doesn’t possess the volunteer voter data collected by Sen. Kamala Harris’s campaign that was lifted by Steyer aide Dwane Sims, who accessed the information via an account he had while working with the South Carolina Democratic Party. “We take this matter very seriously, and that is why we…
