Author Archives: BankInfoSecurity.com RSS Syndication

Russia-Linked Cyber Espionage Group APT29 Remains Active

Researchers Tie 'Operation Ghost' Activity to The Dukes, aka Cozy Bear and APT29
While the Russian-linked hacking group known as The Dukes, Cozy Bear and APT29 in recent years appeared to have gone somewhat quiet, researchers from ESET report that the hackers have been targeting various European embassies and ministries as part of what the security firm dubs "Operation Ghost."

Domain ‘Typosquatting’ Hits 2020 US Elections

Report Finds 550 Fraudulent Election Domains Connected to Presidential Race
At least 550 fraudulent domains have been aimed at users who accidentally mistype the URL for a political candidate or election-related group, warn researchers at Digital Shadows. While many of these "typosquatting" domains appear to be relatively harmless, some could be more nefarious.

Russian-Linked Cyberespionage Group Remains Active

Researchers Link 'Operation Ghost' to The Dukes, aka Cozy Bear and APT29
While the Russian-linked hacking group known as The Dukes, Cozy Bear and APT29 has kept a relatively low profile over the last three years, researchers from ESET report that the hackers have been targeting various European embassies and ministries as part of what the security firm dubs "Operation Ghost."

Sodinokibi Ransomware Gang Appears to Be Making a Killing

Researchers Trace Bitcoins Paid to Ransomware-as-a-Service Operation Affiliates
Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.

Open Cybersecurity Alliance: In Pursuit of Interoperability

With 18 Vendors on Board, Experts Assess New Group's Chances for Success
Eighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications. But some observers say getting all players to agree on a common platform will be challenging.

The Ultimate Missing Link in Cyber: Continuous Compromise Assessment

According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization talking with adversary infrastructure?

‘Graboid’ Cryptojacking Worm Spreads Through Containers

Using Docker Containers to Spread Worm Is a New, Untested Technique, Researchers Say
Attackers are using Docker containers to spread a cryptojacking worm in a campaign dubbed "Graboid," according to researchers at Palo Alto Networks' Unit 42 threat research unit. Although the researchers describe the campaign as "relatively inept," they say it has the potential to become much more dangerous.

Ransomware Attacks: STOP, Dharma, Phobos Dominate

GlobeImposter 2.0 and Sodinokibi Strikes Also Common, Researchers Find
Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma .cezar, Phobos, GlobeImposter 2.0 and Sodinokibi. Less widely seen Ryuk also continues to generate big profits.

‘Silent Librarian’ Revamps Phishing Campaign: Proofpoint

Iranian-Backed Hacking Group Targeting Research Universities
"Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S. and Europe in an attempt to steal intellectual property, according to the security firm Proofpoint.

Libra Association Launched Amidst Defections, Congressional Scrutiny

Mastercard, Visa, PayPal Defect From Facebook's Libra Cryptocurrency
The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, Mastercard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.

FIN7 Gang Returns With New Malicious Tools: Researchers

FireEye Says Financial Hacking Group Is Deploying New Dropper and Payload
Despite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.

Pitney Bowes Says Ransomware Behind System Outages

'All Options' Under Consideration for Recovery, Mailing Equipment Giant Says
Pitney Bowes says it was infected by file-encrypting malware that has affected online accounts and mailing products but that client data doesn't appear to be at risk. The postage meter maker says "all options" are being considered for recovery, meaning it could pay a ransom.

Analysis: New ISO Privacy Standard

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.

Imperva’s Breach Post-Mortem: API Key Left Exposed

Imperva Says Key Was Stolen and Used to Take Critical Customer Database
Cybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidentally left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.
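The practical lesson from the Imperva incident is that long-lived cloud credentials tend to leak through the mundane channels: a config file copied onto an exposed host, a log dump, a commit. The scanner below is an added example written for this page, not Imperva's or AWS's code; it flags AWS access key IDs by their fixed 20-character shape and 40-character secret-key candidates that sit near the word "secret," using a Shannon-entropy check to discard obviously non-random strings. The sample lines are constructed; the two credential values are AWS's own documented placeholder keys, not real secrets.

```python
import math
import re

# Constructed sample text, as it might appear in a config file or log dump that was
# exposed by accident. Both credential values are AWS's documented example keys, not
# real secrets; "AKIA1234" is a deliberately short non-match.
SAMPLE_LINES = [
    "db_host = prod-db.internal",
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "log_level = info",
    "export TOKEN=AKIA1234",
    "# note: secret rotated on 2019-09-01",
]

# Long-term (AKIA) and temporary (ASIA) access key IDs are 20 characters:
# a 4-letter prefix followed by 16 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# Secret access keys are 40 characters from the base64 alphabet. To limit false
# positives we only treat a 40-char token as a candidate when the same line
# mentions "secret" within 40 characters before it.
SECRET_KEY_RE = re.compile(r"(?i)secret.{0,40}?\b([A-Za-z0-9/+]{40})\b")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; a real random key scores well above 3."""
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum((k / n) * math.log2(k / n) for k in counts.values())


def redact(value: str) -> str:
    """Keep just enough of the value to triage without re-leaking it in a report."""
    return value[:4] + "..." + value[-4:]


def find_aws_credentials(lines, min_entropy: float = 3.0):
    """Return a list of (line_number, kind, redacted_value) findings."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((n, "access_key_id", redact(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            candidate = m.group(1)
            # Low-entropy 40-char strings (e.g. a run of one letter) are not keys.
            if shannon_entropy(candidate) >= min_entropy:
                findings.append((n, "secret_access_key", redact(candidate)))
    return findings


if __name__ == "__main__":
    for line_no, kind, value in find_aws_credentials(SAMPLE_LINES):
        print(f"line {line_no}: {kind} {value}")
```

A hit on a live credential should be handled by rotating the key first and investigating second: CloudTrail will show whether the key was used, but revocation is the step that stops the bleeding.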

Capital One Hacking Trial Delay Likely

Prosecutors, Defense Attorneys Ask Judge for Delay, Citing Massive Amounts of Data to Review
Defense and prosecution attorneys are asking for a delay in the trial of alleged Capital One hacker Paige A. Thompson, citing the overwhelming amount of digital evidence in the case and the ongoing forensics investigation. Prosecutors also expect to file additional charges.

Hacked Off: Lawsuit Alleges CafePress Used Poor Security

23 Million Victims Across US, UK, EU and Australia Receive Breach Notifications
Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which is fast to compute and therefore easy to crack offline.

Fighting Human Nature: How to Combat Socially Engineered Account Takeover Attacks

Learn from a former U.S. cybercriminal why social engineering is one of the most difficult online crimes to stop.

As a fraud management leader, are you aware that social engineering is a widespread and increasingly common tactic used to take over customer accounts? Learn more about why social engineering is one of the most dangerous online crimes and one of the hardest to stop.

How Cybercriminals Continue to Innovate

Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent Threats
Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.

NSA Is Latest Intelligence Agency to Sound VPN Patch Alarm

Not Just Patch or Perish, But Also Pay Attention, Security Experts Warn
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.

Developers’ Code Reuse Security Conundrum: Cut, Paste, Fail

GitHub Projects Riddled With Flawed Stack Overflow Code, Researchers Find
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.

Initial CCPA Compliance Costs Could Hit $55 Billion: Study

Report Estimates Anticipated Expenses for California Consumer Privacy Act Compliance
The California Consumer Privacy Act could cost companies in the state a total of $55 billion for initial compliance expenses, according to a new study prepared for the state attorney general's office. The landmark privacy legislation is slated to go into effect on Jan. 1, 2020.

Zynga’s Breach Notification: How Not to Inform Victims

Don't Blame Us, Blame Hackers, Mobile Gaming Giant Says
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA-1.
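Both the CafePress and Zynga items above turn on the same point: a plain SHA-1 digest is a fast, deterministic function, so a leaked hash table is an offline dictionary attack waiting to happen. The following is an added example written for this page, not code from either company; it shows the weak scheme beside a salted, iterated one (PBKDF2-HMAC-SHA256 from the Python standard library, chosen here as the portable option; bcrypt, scrypt or Argon2 are equally valid choices). The leaked hashes and the attacker wordlist are constructed, and the 600,000 iteration count is an assumption taken from current OWASP guidance.

```python
import hashlib
import hmac
import os

# Constructed attacker wordlist (hypothetical; real runs use lists of billions of entries).
WORDLIST = ["password", "123456", "qwerty", "letmein", "sunshine", "iloveyou"]


def sha1_unsalted(password: str) -> str:
    """The weak scheme: one fast, unsalted SHA-1 over the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted_sha1(leaked_hashes, wordlist):
    """Offline dictionary attack against unsalted hashes.

    Because there is no salt, each word is hashed exactly once and the table is
    then matched against every leaked hash; cost does not grow with victim count.
    """
    table = {sha1_unsalted(w): w for w in wordlist}
    return {h: table[h] for h in leaked_hashes if h in table}


ITERATIONS = 600_000  # assumption: OWASP guidance for PBKDF2-HMAC-SHA256 at time of writing


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash. The per-user random salt defeats precomputed tables;
    the iteration count makes each guess expensive for the attacker."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    alg, iters, salt_hex, dk_hex = stored.split("$")
    if alg != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    # Constructed "leaked database" of two unsalted SHA-1 hashes.
    leaked = [sha1_unsalted("letmein"), sha1_unsalted("correct-horse-battery-staple")]
    print("cracked:", crack_unsalted_sha1(leaked, WORDLIST))
    stored = hash_password("letmein")
    print("stored:", stored)
    print("verify correct:", verify_password("letmein", stored))
    print("verify wrong:  ", verify_password("letmeout", stored))
```

Note that the stored string carries its own algorithm tag, salt and iteration count, so the work factor can be raised later and old entries re-hashed at next login without a schema change.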

PSD2 Authentication Deadline Needs to Be Firmed Up – Now

European Banking Authority Should Act Quickly to Adopt Uniform Timeline for All EU Nations
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.

Baltimore Ransomware Carnage Compounded by Local Storage

Auditor Reveals Lack of IT Policies Ensuring Employees' PCs Centrally Backed Up
The city of Baltimore's ransomware outbreak - $18 million in costs and counting - led to many crypto-locked files being lost forever, because no IT policy mandated centralized file backups. But effective IT solutions exist to help solve this challenge, provided they're deployed in advance of an attack.

How to Prioritize Vulnerability Patching

New Report Asserts That Using CVSS Scores Alone Is Inadequate
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
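To make the RiskSense point concrete, here is an added example (written for this page, not RiskSense's model or code) that ranks a constructed set of findings two ways: by CVSS base score alone, and by a simple risk score that also weighs asset criticality, internet exposure and whether exploitation has been observed. The vulnerability IDs, asset names, criticality tags and the multipliers are all assumptions chosen for illustration; the structure is what matters, not the specific weights.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str            # hypothetical tracker IDs, not real CVEs
    cvss_base: float        # CVSS v3 base score, 0.0 to 10.0
    asset: str              # constructed hostnames
    criticality: int        # 1 (lab box) to 5 (crown jewels); assumed inventory tag
    internet_exposed: bool
    exploit_observed: bool  # exploitation seen in the wild or a weaponized PoC exists


def priority_score(f: Finding) -> float:
    """Scale CVSS by asset criticality, then boost for exposure and active exploitation.

    The multipliers (1.5x exposed, 2x exploited) are assumptions for this example.
    """
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS base score out of range")
    if not 1 <= f.criticality <= 5:
        raise ValueError(f"{f.vuln_id}: criticality must be 1..5")
    score = f.cvss_base * (f.criticality / 5)
    if f.internet_exposed:
        score *= 1.5
    if f.exploit_observed:
        score *= 2.0
    return round(score, 2)


# Constructed findings: note the CVSS 9.8 on an isolated dev box vs. the CVSS 7.5
# on an internet-facing, actively exploited VPN gateway.
FINDINGS = [
    Finding("VULN-001", 9.8, "dev-jenkins-03", 1, False, False),
    Finding("VULN-002", 7.5, "vpn-gw-01", 5, True, True),
    Finding("VULN-003", 8.1, "hr-db-01", 4, False, True),
    Finding("VULN-004", 5.3, "marketing-www", 2, True, False),
]


def rank_by_cvss(findings):
    """Naive ordering: highest base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss_base, reverse=True)]


def rank_by_risk(findings):
    """Risk-based ordering using priority_score."""
    return [f.vuln_id for f in sorted(findings, key=priority_score, reverse=True)]


if __name__ == "__main__":
    print("by CVSS only:", rank_by_cvss(FINDINGS))
    print("by risk:     ", rank_by_risk(FINDINGS))
    for f in sorted(FINDINGS, key=priority_score, reverse=True):
        print(f"{f.vuln_id} {f.asset:15} cvss={f.cvss_base} risk={priority_score(f)}")
```

The two orderings disagree at the top: CVSS alone puts the isolated dev server first, while the risk score puts the exposed, exploited VPN gateway first, which is the outcome the report argues for. In practice the exposure and exploitation inputs come from the asset inventory and threat intelligence feeds rather than hand-entered flags.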

Microsoft: Iran-Backed Group Targeted a Presidential Campaign

'Phosphorus' Hacking Group Attempted Attacks on 240 Email Accounts Over Two Months
Microsoft says that over the past two months, a hacking group apparently linked to Iran targeted email accounts associated with the campaign of one 2020 U.S. presidential candidate, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.

Unpatched VPN Servers Targeted by Nation-State Attackers

Pulse Secure, Palo Alto and Fortinet Devices Being Hit by APT Groups, NCSC Warns
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Centre warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.