Tom Kellermann of VMware Carbon Black on Defending Against Surge in Online Attacks
Ransomware, wire transfer fraud, destructive attacks: In recent months, the financial sector has seen these and other online attacks surge by 238%, as criminals continue to exploit the pandemic, warns Tom Kellermann of VMware Carbon Black, who shares findings from his firm's third "Modern Bank Heists" report.

AMA Outlines Privacy Principles for Health Data

The American Medical Association has issued a set of privacy principles for health data that it hopes Congress and regulators will keep in mind as they prepare legislation and regulations. In an interview, AMA Board Chair Jesse Ehrenfeld, M.D., describes the recommendations.

Setting IAM Priorities in the Shift to the Cloud

Consultant James Gosnold on Avoiding Shortcuts
As more organizations rely more heavily on cloud-based applications as a result of a remote workforce, they must avoid taking identity and access management shortcuts, says James Gosnold of the cloud consultancy CloudKubed, who calls for the addition of another layer of authentication.

Live Webinar | Customer Identity: Building Secure, Seamless Experiences

Britain Re-Evaluating Huawei’s Role in 5G Rollout

US Sanctions Against Chinese Technology Giant May Have Forced Britain's Hand
Britain is reconsidering whether Huawei's technology will be used its national 5G rollout as a result of increased White House sanctions against the Chinese telecommunications giant, which could result in Huawei having to source semiconductors from less reliable sources.

Lawmakers Demand Details on Fighting China-Linked Hacking

Briefings Sought on COVID-19-Related Cyber Espionage and Risk Mitigation Efforts
A bipartisan group of U.S lawmakers is requesting more information from the FBI and CISA about efforts to crack down on hacking groups linked to China's government that are targeting American facilities conducting COVID-19 research.

ZLoader Banking Malware Resurfaces

Researchers Tracking More Than 100 Campaigns Since Start of 2020
Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.

Mercedes-Benz Data Leak Lesson: Lock Down Code Repositories

Luckily for Car Giant, Access Control Gaff Didn't Expose Secret Data - This Time
Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository.

New Version of ZLoader Banking Malware Resurfaces

Researchers Observe Over 100 Campaigns Since Start of 2020
Two years after it was last seen in February 2018, a new version of the ZLoader banking malware has resurfaced, with cybercriminals distributing the malware through email campaigns, according to security firm Proofpoint.

Mercedes-Benz Data Leak: Embarrassing But Endurable

The Mistake Could Have Been Much Worse in an Era of Connected Vehicles
Last week, a curious data breach occurred: Almost 9 GB of software development documentation from Daimler AG, the parent company of Mercedes-Benz. In an era where software underpins vehicles, the leak could have been worse, but underscored how shared code repositories much be protected.

UK Data Breach Reports Decline

As GDPR Hits Second Anniversary, Regional Reporting Variations Continue
Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.

Ransomware Gang Posting Financial Details From Bank Attack

Maze Started Releasing Payment Card Data From Costa Rican Bank This Week
The Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, which is the state-owned Bank of Costa Rica. The cybercriminal gang is now threatening to release more of customers' financial data each week.

Phishing Campaign Leverages Google to Harvest Credentials

Researchers: Emails Contain Google Links to Make Them Appear Credible
Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

Hackers Tried to Exploit Zero-Day Flaw in Sophos Firewall

Attackers Attempted to Plant Trojan, Ransomware By Exploiting Vulnerability
Hackers tried two methods of exploiting a zero-day vulnerability in Sophos' XG firewall, but Sophos says it made a temporary fix that mitigated the risks. Attackers originally attempted to plant a Trojan, but then switched to ransomware.

Microsoft Warns of COVID-19 Phishing Emails Spreading RAT

Malicious Messages Attempt to Install NetSupport Manager Tool on Devices
Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.

RagnarLocker Deploys a Virtual Machine to Hide Ransomware

Ragnar Gang's Innovation: Installing Oracle VirtualBox Windows XP Virtual Machine
As ransomware gangs continue to try and boost their illicit profits, the RagnarLocker ransomware gang has brought a new tactic to bear: installing a full virtual machine on victims' systems to hide their crypto-locking malware while it forcibly encrypts files, warns security firm Sophos.

Analysis: The Long-Term Implications of ‘Work From Home’

The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.

Live Webinar | The Big Surge: How to Build a More Resilient and Available Web Infrastructure

Live Webinar | Cloud Security for a New World of Work

Hacked Law Firm May Have Had Unpatched Pulse Secure VPN

REvil Gang Still Threating to Release More Data
A recent ransomware attack that targeted a law firm that serves celebrities may have been facilitated by a Pulse Secure VPN server that was not properly patched and mitigated against a well-known vulnerability, some security experts say.

Hot Offering on Darknet: Access to Corporate Networks

More Ads Offer Access for a Substantial Price: Positive Technologies
The number of darknet forum ads offering full access to corporate networks jumped almost 70% during the first quarter of 2020, compared to the previous quarter, posing a significant potential risk to corporations and their now remote workforces, according to security firm Positive Technologies.

Bank of America: COVID-19 Loan Data May Have Leaked

Client Data May Have Been Exposed During Test of SBA Loan Platform
Bank of America disclosed this week that some customers' data may have been exposed during the uploading of loan applications related to the Paycheck Protection Program - a U.S. government initiative created to provide business loans during the COVID-19 pandemic.

AST as the Key to DevSecOps Maturity

DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.

Remote Workforce Security – the Long Game

"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.

Apple and Google Release Contact-Tracing APIs for COVID-19

Privacy-Centered Approach May Bolster Public Confidence in Contact-Tracing Apps
Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.

What You Don’t Understand About Crypto Can Hurt You

Police Allege Hacker Sold Millions of Email Credentials

Secret Service of Ukraine Arrests 'Sanix' for Serving as Broker on Darknet
The Security Service of Ukraine this week arrested a hacker known as "Sanix" who allegedly sold combinations of millions of email passwords and usernames on darknet forums.

Phishing Attack Bypassed Office 365 Multifactor Protections

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks
A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.

How CISOs Can Achieve Better Network Visibility

Cybersecurity Adviser Ed Moyle on the Need to Keep Up With Security Architecture Changes
To achieve better network visibility, security practitioners must improve their knowledge of tools that support web services, containers and the evolution of development practices, says Ed Moyle, co-founder of the cybersecurity advisory firm Security Curve.

Toll Group Data Leaked Following Second Ransomware Incident

To Suffer One May Be Regarded As a Misfortune; To Suffer Two Looks Like Carelessness
Australian shipping giant Toll Group recently suffered its second ransomware outbreak of the year, with Thomas Knudsen, the company's managing director, branding the latest attack as being "serious and regrettable." But was it preventable?

Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019

Analysts Predict Attacks in the Cloud Will Continue to Surge This Year
Attacks targeting cloud-based data nearly doubled in 2019 as companies shifted more of their valuable information off-premises and misconfigurations and other issues made it more vulnerable, according to the 2020 Verizon Data Breach Investigations Report. Observers expect the trend to continue this year.

Spoofed Website Templates Help Spread COVID-19 Scams: Report

Fake Websites Linked to Phishing Attacks Designed to Steal Credentials, Banking Data
Fraudsters are now using numerous spoofed website templates with COVID-19 themes as part of phishing attacks designed to steal login credentials and banking data, according to Proofpoint.

U.S. Treasury Warning: Beware of COVID-19 Financial Fraud

Financial Crimes Enforcement Network Advises Banks to Be on the Lookout for Scams
The U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about surging COVID-19 themed scams and other illicit activities, ranging from medical-related fraud involving the sale of fake cures, tests and vaccines to price gouging and hoarding of supplies in shortages.

Cybersecurity Leadership: What’s Your 180-Day Plan?

CEOs, CISOs on Authentication, Access and Defending the Hybrid Workforce
Business and security leaders accept that a hybrid workforce is the new norm - some staff members based in a central office and many others permanently working at home. But what new cybersecurity demands does this strategy present short-term and into 2021? Our expert panel shares insights.

DoJ Blasts Apple on Lack of Encryption Backdoor – Again

Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back
Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S. sailors at a military base in Pensacola, Florida, the Justice Department continues to criticize Apple's refusal to offer law enforcement a backdoor to its encrypted devices.

EasyJet Data Breach Exposes 9 Million Customers’ Details

European Budget Airline Says Payment Card Data Stolen, But Only for 2,200 Customers
European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details. While no passport details were exposed, the company's ongoing investigation has also found that attackers "accessed" a small number - just 2,208 - of customers' payment card details.

Why Cyberthreats Tied to COVID-19 Could Hit Diverse Targets

Besides hospitals and academic institutions, dozens of nonprofits, including nongovernmental organizations - or NGOs - around the world must protect their COVID-19 research and related activities from those seeking to steal data or disrupt their operations, says cyber risk management expert Stanley Mierzwa.

Live Webinar | Evolving API Security to Keep Pace with Financial Services

GAO: Chemical Plants Vulnerable to Cyberattacks

DHS Cybersecurity Guidance Not Updated in a Decade
U.S. facilities that produce, use or store hazardous chemicals are vulnerable to cyberattacks, in part because cybersecurity guidelines from the Department of Homeland Security are outdated, according to a recent GAO audit.

Live Webinar | Cyberthreats on the META Horizon: Threat Landscape in the New Reality

Supercomputer Intrusions Trace to Cryptocurrency Miners

Likely Connected: Attacks Against Systems in US, UK, China, Germany and Beyond
Cryptocurrency-mining hackers appear to be behind a recent spate of supercomputer and high-performance computing system intrusions. But it's unclear if attackers might also have had data-stealing or espionage intentions.

Developer in Cyprus Claims Breach of Contacts App

Covve Visual Network Says It's Notifying Users and Regulators
Covve Visual Network Ltd., a Cyprus-based app developer, acknowledges that it's the owner of 90GB of data - including tens of millions of records - that apparently was left exposed on an open Elasticsearch database. A portion of the data was posted on a darknet forum.

Ransomware Gang Demands $42 Million From Celebrity Law Firm

REvil Gang Ups Ransom Ante After Releasing Data on Lady Gaga
The operators of the REvil ransomware strain are attempting to ratchet up pressure on a New York law firm to pay a $42 million ransom before releasing more data on the firm's roster of celebrity clients. So far, cybercriminals released about 2 GB of legal information related to Lady Gaga.

Congress to Consider Competing COVID-19 Privacy Bills

Democrats and Republicans Introduce 2 Versions of Legislation With Similar Goals
As COVID-19 rages and technology firms race to develop contact-tracing apps and other digital tools to help contain the spread, congressional Democrats have followed Republicans in introducing privacy legislation aimed at protecting consumer data collected during public health emergencies.

Android Spyware Hidden in Apps for 4 Years: Report

Mandrake Malware Still Lurks in Apps in Google Play Store, Bitdefender Says
A sophisticated cyber-espionage campaign using spyware called Mandrake has been targeting Android users for at least four years, according to security firm Bitdefender. The malware has the ability steal a range of data, including SMS authentication messages from banks.

‘Security Incident’ Knocks UK’s ARCHER Supercomputer Offline

Other European Supercomputers Also Affected, Officials Say
ARCHER, a British high-performance computing system for academic and theoretical research, has been offline since May 11, when a "security incident" forced the University of Edinburgh to take down the supercomputer. The security incident also affected supercomputers in other parts of Europe, university officials say.

Live Webinar | Your Next Security Risk Assessment Needs to Talk Dollars and Sense

What if you could not only identify your organization's current security gaps but ALSO understand and communicate the financial risk of potential cyberattacks and the financial gains of proposed security measures?

The answer is clear: you would be able to make decisions that optimize both your company's security and your bottom line with an always on risk assessment solution.

Attend this webinar to discover how you can quantify both risk and mitigation in economic terms to prioritize where to mitigate risk for the greatest impact.

Live Webinar | The State of Application Security

Live Webinar | Hackers Have First-Move Advantage – How Can We Rapidly Equip Cyber Ready Humans To Respond?

Analysis: Securing RDP to Prevent Ransomware Attacks

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments.

Analysis: The Contact-Tracing Conundrum

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

The ‘Death’ of the Office

The modern office is a no longer relevant as a result of the work-from-home surge, says Nathan Howe of Zscaler, who discusses the implications for data security.

Remote Workforce Security: The Role of ‘Zero Trust’

Kevin Schwarz of Zscaler discusses the security implications of the "new normal" of employees working from home, including the role of a "zero trust" strategy.

Ransomware Reminder: Paying Ransoms Doesn’t Pay

Funding Criminals Perpetuates Cybercrime
Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.

Why Are We So Stupid About RDP Passwords?

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Digital Contact-Tracing Apps Must Win Hearts and Minds

We Need These Apps, But Some Nations' Security and Privacy Follies Don't Bode Well
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?

Forget Whitelists and Blacklists: Go for ‘Allow’ or ‘Deny’

Terminology Shift Announced by Britain's National Cyber Security Center
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?

Investment Firm Hit by BEC Scam

Norway's Norfund Investigating Breach of Internal Network
Fraudsters have conned Norfund, a private equity investment firm based in Oslo, Norway, out of more than $10 million in what the company calls an "advanced data breach." But the incident bears the hallmarks of a business email compromise scam.

Crypto-Lock and Tell: Ransomware Gangs Double Down on Leaks

Dedicated Leak Sites Are Likely Driving More Victims to Pay, Security Experts Warn
More ransomware-wielding gangs are not just crypto-locking victims' systems, but also stealing and threatening to leak data unless they get their demanded bitcoin ransom payoff. A growing number of security experts believe the strategy is leading more victims to pay.

Australia Passes Privacy Law for Contact-Tracing App

Jail Time Possible for Those Who Misuse Data; Employers Can't Require Usage
Australia's Parliament passed a new law on Thursday to deal with a range of legal and privacy concerns arising from its quickly developed contact-tracing app, COVIDSafe. Misusing data and other offenses could garner a five-year prison sentence.

FDIC Issues Guidance to Areas in Illinois Impacted by Severe Storms

The FDIC has announced a series of steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Illinois affected by severe storms, straight-line winds, and tornadoes.

FDIC: Institutions Encouraged to Work with Borrowers Impacted by Shutdown

Five federal regulatory agencies encourage financial institutions to work with customers affected by the federal government shutdown.

FFIEC: Statement on End of Microsoft Support for Windows XP

The FFIEC on Oct. 7 issued a joint statement concerning Microsoft's discontinuation of support for its Windows XP operating system as of April 8, 2014.

FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers

The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities.

Live Webinar: What You Don’t Understand About Crypto Can Hurt You

The Urgency of Re-Examining Security Practices During Pandemic

Cybersecurity Expert Reviews Key Questions to Ask
Organizations must carefully re-examine their security procedures to make sure they're adequate for the new work-from-home environment during the COVID-19 crisis, says Shelton Newsham, a British law enforcement official who specializes in cybersecurity. He reviews key questions to ask.

M	T	W	T	F	S	S
« Apr
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31