The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

The European Network and Information Security Agency published a new report on app-store security where it advocates for a baseline set of "five lines of defense" against malware.

The Hong Kong Monetary Authority has issued an announcement regarding two updated statements by the Financial Action Task Force on Money Laundering.

The Hong Kong Monetary Authority is informing authorized institutions that on Feb. 29, 2012, the Banking (Amendment) Ordinance 2012 bill was passed by the Legislative Council.

The Hong Kong Monetary Authority has issued a statement on the Chief Executive-in-Council approving United Nations sanctions on Libya and Afghanistan.

Attacks Traced to Gangs Wielding Nefilim, Snake Strains
Ransomware attacks hit at least four large organizations around the world this week, including a hospital group in Europe that has been battling the COVID-19 pandemic.

Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company
Zoom has reached a settlement with the N.Y. attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.

Naikon Hacking Group Targeted Asia-Pacific Countries With New RAT
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.

Data Apparently Obtained From Three Breaches, ZeroFox Reports
Hackers are attempting to sell a fresh trove of approximately 26 million user records apparently obtained from three data breaches, according to researchers at the security firm ZeroFox.

Australia, India and UK Pursuing Centralized Approach Many Privacy Experts Warn Against
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.

Terminology Shift Announced by Britain's National Cyber Security Center
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?

We Need These Apps, But Some Nations' Security and Privacy Follies Don't Bode Well
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Business resiliency and the supply chain - they both were tested by the disruptions we've all experienced. But Patrick Potter of RSA says there are lessons to be learned from the response, and they will guide us as we prepare for the next evolution of our business climate.

The latest edition of the ISMG Security Report analyzes the privacy issues raised by COVID-19 contact-tracing apps. Also featured: An update on efforts to fight fraud tied to economic stimulus payments; John Kindervag on the origins of "zero trust."

The latest edition of the ISMG Security Report analyzes the rising costs of ransomware attacks and the latest victims. Also featured: An assessment of Australia's new contact-tracing app designed to help battle the spread of COVID-19, and a discussion of applying the "zero trust" model to the remote workforce.

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

Malwarebytes Researchers Say Attacks Appear Related to Magecart
Cybercriminals are hiding malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites in an effort to steal payment card data from customers, researchers at Malwarebytes say.

Attacks Traced to Gangs Wielding Nefilim, Snake Strains
Ransomware attacks hit at least four large organizations around the world this week, including a hospital group in Europe that has been battling the COVID-19 pandemic.

Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company
Zoom has reached a settlement with the N.Y. attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.

Naikon Hacking Group Targeted Asia-Pacific Countries With New RAT
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.

Australia, India and UK Pursuing Centralized Approach Many Privacy Experts Warn Against
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.

Terminology Shift Announced by Britain's National Cyber Security Center
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?

We Need These Apps, But Some Nations' Security and Privacy Follies Don't Bode Well
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

The latest edition of the ISMG Security Report analyzes the rising costs of ransomware attacks and the latest victims. Also featured: An assessment of Australia's new contact-tracing app designed to help battle the spread of COVID-19, and a discussion of applying the "zero trust" model to the remote workforce.

The Bangladesh eGovernment Computer Incident Response Team, or CIRT, is taking several steps to strengthen cybersecurity, including building a sensor network to help enable all banks to share threat intelligence, says Tawhidur Rahman, CIRT's head of digital security and diplomacy.

India is modifying its 2020 National Cybersecurity Policy to take into account the shift to teleworking as a result of the COVID-19 pandemic, says Lt. Gen. (Retd) Rajesh Pant, national cybersecurity coordinator.

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

The Reserve Bank of India on Sept. 22, 2011 issued a notification on security issues and risk mitigation measures related to card-present transactions.

The Reserve Bank of India has updated its mobile banking circular, dated Dec. 24, 2009, removing the 50,000 Rupees per customer, per day limit.

The Institute for Development and Research in Banking Technology has launched the Mobile Banking Security Lab to explore solutions to the evolving challenges in the area of mobile banking and security.

The Institute for Development and Research in Banking Technology has prepared an information security framework to help banks in benchmarking their systems and enhancing information security.

Attacks Traced to Gangs Wielding Nefilim, Snake Strains
Ransomware attacks hit at least four large organizations around the world this week, including a hospital group in Europe that has been battling the COVID-19 pandemic.

Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company
Zoom has reached a settlement with the N.Y. attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.

Naikon Hacking Group Targeted Asia-Pacific Countries With New RAT
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.

Data Apparently Obtained From Three Breaches, ZeroFox Reports
Hackers are attempting to sell a fresh trove of approximately 26 million user records apparently obtained from three data breaches, according to researchers at the security firm ZeroFox.

Australia, India and UK Pursuing Centralized Approach Many Privacy Experts Warn Against
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.