Latest

Cyberwarfare / Nation-State Attacks

Alert: Russian Hackers Deploying Linux Malware

Akshaya Asokan  •  August 14, 2020

An alert from U.S. National Security Agency and the FBI warns of a recently discovered Russian-deployed malware variant called Drovorub that's designed to target Linux systems, creating a backdoor into targeted networks to exfiltrate data.

Cybercrime as-a-service

How Dharma Ransomware-as-a-Service Model Works

Prajeet Nair  •  August 14, 2020

A new study from Sophos describes how the Dharma ransomware-as-a-service model offers low-skilled hackers the ability to profit from attacks on unprotected small businesses.

Business Continuity Management / Disaster Recovery

Analysis: Did Barclays Go Too Far in Monitoring Employees?

Anna Delaney  •  August 14, 2020

The latest edition of the ISMG Security Report analyzes why Barclays is being investigated for allegedly spying on its employees. Also featured: How the pandemic is affecting CISOs; an FBI assessment of nation-state threats to U.S. election.

Governance & Risk Management

Is CREST Penetration Certification Test Being Gamed?

Mathew J. Schwartz  •  August 14, 2020

Who watches the penetration-testing testers? Questions are circulating over how some organizations train their employees for the CREST pen-testing certification after some leaked internal documents appeared to contain material from past tests.

Breach Notification

Health Data Breach Tally Surges

Marianne Kolbasuk McGee  •  August 13, 2020

Why has the tally of major health data breaches - and the number of individuals affected - spiked in recent weeks? Here's an analysis of the latest trends.

Cybercrime as-a-service

RedCurl Cyber Espionage Gang Targets Corporate Secrets

Mathew J. Schwartz  •  August 13, 2020

Since 2018, an advanced persistent threat group dubbed RedCurl, which has served as a team of for-hire hackers specializing in corporate espionage, has hit at least 14 targets in Canada, Russia, the U.K. and beyond, says cybersecurity firm Group-IB.

Anti-Phishing, DMARC

SANS Institute Sees Its Breach as Teachable Moment

Chinmay Rautmare  •  August 13, 2020

The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership.

Application Security

More Microsoft Zero-Day Flaws Being Exploited

Prajeet Nair  •  August 12, 2020

Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.

Business Continuity Management / Disaster Recovery

Avaddon Ransomware Joins Data-Leaking Club

Mathew J. Schwartz  •  August 12, 2020

Yet another ransomware-wielding gang has threatened to steal and leak the data of any victims who refuse to pay a ransom: The operators of Avaddon ransomware have created a dedicated data-leak site that already lists a construction firm victim, and the gang continues to recruit new affiliates.

Business Email Compromise (BEC)

Beware: AgentTesla Infostealer Now More Powerful

Akshaya Asokan  •  August 12, 2020

The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.

3rd Party Risk Management

Snapdragon Chip Flaws Could Facilitate Mass Android Spying

Mathew J. Schwartz  •  August 11, 2020

Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.

►

Fraud Management & Cybercrime

Using DNS Data for Cybercrime Intelligence

Jeremy Kirk  •  August 11, 2020

The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.