US Banning TikTok, WeChat Downloads

Doug Olenick • September 18, 2020

The U.S. Commerce Department is banning the downloading and hosting of China-based social media apps TikTok and WeChat effective on Sunday, citing national security concerns. The announcement comes as Oracle continues to negotiate a deal for partnering on TikTok's U.S. operations.

Cyberwarfare / Nation-State Attacks

TikTok Picks Oracle as US 'Technology Partner'

Latest

Breach Notification

Senators Demand More Details on VA Breach

Marianne Kolbasuk McGee • September 18, 2020

Several Senate Democrats are demanding answers from the Department of Veterans Affairs about cybersecurity practices after a breach that the VA says exposed data on 46,000 veterans, but which the senators claim also apparently affected 17,000 healthcare providers. The VA disputes that provider figure.

Cryptocurrency Fraud

Why Darknet Markets Persist

Mathew J. Schwartz • September 18, 2020

Empire is the latest darknet market to "exit scam," meaning administrators ran away with users' cryptocurrency, leaving the market to fail. Given the ongoing risk of exit scams, as well as police often targeting such markets, why do they persist?

DDoS Protection

Analysis: Online Attacks Hit Education Sector Worldwide

Chinmay Rautmare • September 18, 2020

Check Point Research analysts have observed a significant rise in online attacks against the educational sector worldwide since July. DDoS attacks have surged in the U.S., while European institutions have been hit by ransomware.

Blockchain & Cryptocurrency

Researchers Find Mozi Botnet Continues to Grow

Prajeet Nair • September 18, 2020

Mozi, a relatively new peer-to-peer botnet, is now dominating global IoT network traffic, according to a new report from IBM's X-Force unit. The malware is being used to launch DDoS attacks as well as mine for cryptocurrency.

Cyberwarfare / Nation-State Attacks

3 Iranian Hackers Charged With Targeting US Satellite Firms

Akshaya Asokan • September 18, 2020

Three Iranian hackers have been charged in connection with using social engineering and phishing techniques to steal data and intellectual property from U.S. satellite and aerospace companies, according to the Justice Department. The suspects were allegedly working on behalf of Iran's Islamic Revolutionary Guard Corps.

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney • September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Blockchain & Cryptocurrency

DOJ: 2 Russians Defrauded Cryptocurrency Exchanges

Prajeet Nair • September 17, 2020

Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.

Business Continuity Management / Disaster Recovery

Ransomware Attack at Hospital Leads to Patient's Death

Marianne Kolbasuk McGee • September 17, 2020

A ransomware attack that reportedly was directed at a German university but shut down emergency services at an affiliated hospital likely contributed to the death of a patient who needed urgent treatment but instead had to be transported to another hospital, delaying care, according to a news report.

Cyberwarfare / Nation-State Attacks

2 Iranians Indicted for Lengthy Hacking Campaign

Akshaya Asokan • September 17, 2020

Two Iranian nationals have been charged with participating in a years-long hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East to steal "hundreds of terabytes" of data, according to the U.S. Department of Justice.

Breach Notification

Dunkin' Data Breach Settlement Paves the Way for More Suits

Doug Olenick • September 17, 2020

Dunkin' Brands' settlement with the New York state attorney general of a lawsuit tied to a 5-year-old data breach affecting its Perks rewards cardholders could open the door to suits by other states - as well as customers.

Fraud Management & Cybercrime

Researcher Describes Risks Posed by Posting Boarding Passes

Jeremy Kirk • September 17, 2020

An Instagram post by one of Australia's former prime ministers led to a security researcher finding his passport and phone number due to a coding error in a widely used airline ticketing system. The bug has been fixed, but it's another warning to avoid posting photos of boarding passes.

Business Continuity Management / Disaster Recovery

Maze Ransomware Attack Borrows RagnarLocker Hacking Move

Mathew J. Schwartz • September 17, 2020

Stop me if you think you've heard this one before: Some ransomware attackers are hiding attack code in virtual machines or creating new leaking sites to pressure victims into paying.