Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Top-tier news sites, entertainment portals, and political commentary sites were among the victims of a massive malvertising campaign related to the Angler Exploit Kit. This campaign is targeting users in the United States and may have affected tens of thousands of users in just 24 hours.
In a notification letter dated March 10, American Express warns cardholders that their account information might’ve been exposed after a third-party service provider suffered a data breach. The third-party provider, which isn’t named, is engaged by several merchants, the notification letter explains. Cardholders should expect that their account number, name, and other card details were compromised.
There’s a reason why the FBI estimates the average loss caused by Business Email Compromise (BEC) to be $130,000 per company. Employees are not familiar with current social engineering strategies, and the network setup is not sufficiently equipped to keep the threat from getting into the network. This same situation is clearly depicted in an ongoing BEC campaign targeting companies in the US, Middle East, and Asia.
While there’s evidence that organizations are better controlling data loss, today’s attackers are becoming much more targeted and sophisticated. Organized criminals set their sights on healthcare somewhere around 2012 and found that stealing patient data enabled them to monetize that information in a number of ways. Attacks have grown increasingly sophisticated ever since, and attackers are launching more attempts now than ever.
The reported hacking of Bangladesh’s central bank accounts with the U.S. Federal Reserve once again shows how bad the impact of cyber attacks on organizations, enterprises or even nation-states can be. Peel off all the other layers in this narrative for a moment—the amount of money stolen, the alleged players, the politics—and at its core, we have the same tactics and procedures any enterprising criminal will carry out against his or her intended target.
The hacktivist collective Anonymous is calling for a “total war” on Donald Trump in a new video, and its latest campaign to take down the demagogue and GOP presidential nomination frontrunner calls for an attack on Trump Tower Chicago’s website, trumpchicago.com.
The annual Pwn2Own hacking competition has come and gone, with five teams making 11 attempts over a two-day period, vying for up to $600,000 in cash prizes and the ultimate bragging rights of earning the title of “Master of Pwn.” Check out our blog coverage for complete results.
Cybercrime pays–$421,000 per year to be exact, for some chief information security officers (CISOs) in San Francisco, according to SilverBull, a full-service IT and cybersecurity recruiting and staffing company based in Manchester, Conn. A new cybersecurity salary bulletin from SilverBull reports that the median average salary for CISOs in the U.S. is $223,000 — up from $204,000 in a bulletin they posted just two months ago.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.