The Secret Service Electronic Crimes Task Force is now part of the larger Cyber Fraud Task Force. (Photo: US Secret Service)

US Secret Service Forms Cyber Fraud Task Force

Akshaya Asokan • July 11, 2020

The U.S. Secret Service is combining its electronic and financial crimes units into a single task force that will focus on investigating cyber-related financial crimes, such as BEC schemes and ransomware attacks. The move comes as lawmakers push for the Secret Service to take a more active role in fighting cybercrime.

Cybercrime

NASA Still Struggling With Agency-Wide Cybersecurity Program

Latest

Cyberwarfare / Nation-State Attacks

Wells Fargo Bans TikTok App on Company Devices

Ishita Chigilli Palli • July 13, 2020

Wells Fargo, the fourth largest bank in the U.S., has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The news comes after Amazon sent mixed signals to its employees about use of the social media app.

Cybercrime

Russian Found Guilty of Hacking LinkedIn, Dropbox

Prajeet Nair • July 13, 2020

A Russian national has been found guilty of hacking LinkedIn, Dropbox and the now defunct Formspring to steal millions of user credentials, some of which were later sold on underground markets.

Cybercrime

No 'Invisible God': Fxmsp's Operational Security Failures

Mathew J. Schwartz • July 13, 2020

To the long list of alleged hackers who failed to practice good operational security so they could remain anonymous, add another name: Andrey Turchin, who's been charged with running the Fxmsp hacking group, which prosecutors say relied on Jabber and bitcoins in an attempt to hide their real identities.

Account Takeover

5 Billion Unique Credentials Circulating on Darknet

Ishita Chigilli Palli • July 10, 2020

Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.

Cybercrime

Malware Found Pre-Installed on Low-Cost Android Smartphones

Prajeet Nair • July 10, 2020

For the second time this year, security researchers have found malware embedded in low-cost Android smartphones distributed through a U.S. government program, security firm Malwarebytes reports.

Cybercrime

Zoom-Themed Phishing Campaign Targets Office 365 Credentials

Prajeet Nair • July 10, 2020

A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. These attacks come as use of the platform soars due to work-from-home arrangements.

Cybercrime

Updated Joker Android Malware Adds Evasion Techniques

Akshaya Asokan • July 10, 2020

Check Point Research reports that a new version of the Joker mobile malware that infects Android devices has emerged. The malware, hidden in apps in the Google Play store, has once again evaded Google's security tools.

COVID-19

Analysis: Monitoring the Risks Posed by Remote Workers

Nick Holland • July 10, 2020

The latest edition of the ISMG Security Report analyzes the surge in the use of employee monitoring tools for the increasingly remote workforce. Also featured: Discussions about IoT security guidelines and CCPA compliance requirements.

Breach Notification

Health Data Breach Trends: A Mid-Year Assessment

Marianne Kolbasuk McGee • July 9, 2020

What major health data breach trends emerged in the first half of 2020? Here's a rundown of the latest statistics - plus an analysis by experts.

Endpoint Protection Platforms (EPP)

Alerts: Flaws in Ultrasound, Open-Source Hospital Systems

Marianne Kolbasuk McGee • July 8, 2020

Two recent Department of Homeland Security advisories pertaining to vulnerabilities in certain ultrasound systems from a major medical device maker - and multiple flaws in an open-source hospital information management system - highlight the range of security risks spanning various segments of the healthcare sector.

Cybercrime

Feds Indict 'Fxmsp' for Hacking Multiple Firms

Ishita Chigilli Palli • July 8, 2020

The U.S. Justice Department has charged Kazakhstan national Andrey Turchin with being the hacker known as "Fxmsp," as well as running a hacking collective known by the same name that's been tied to 300 attacks worldwide, including against anti-virus vendors.

Governance & Risk Management

CCPA Enforcement: What to Expect Now

Anna Delaney • July 8, 2020

Attorney Sadia Mirza, offers an update on the July 1 California Consumer Privacy Act enforcement and what security and privacy professionals should expect over the next few months.