Latest

Business Continuity Management / Disaster Recovery

Avaddon Ransomware Joins Data-Leaking Club

Mathew J. Schwartz  •  August 12, 2020

Yet another ransomware-wielding gang has threatened to steal and leak the data of any victims who refuse to pay a ransom: The operators of Avaddon ransomware have created a dedicated data-leak site that already lists a construction firm victim, and the gang continues to recruit new affiliates.

Business Email Compromise (BEC)

Beware: AgentTesla Infostealer Now More Powerful

Akshaya Asokan  •  August 12, 2020

The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.

3rd Party Risk Management

Snapdragon Chip Flaws Could Facilitate Mass Android Spying

Mathew J. Schwartz  •  August 11, 2020

Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.

►

Fraud Management & Cybercrime

Using DNS Data for Cybercrime Intelligence

Jeremy Kirk  •  August 11, 2020

The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.

COVID-19

Ransomware Reportedly Hits Ventilator Maker

Marianne Kolbasuk McGee  •  August 10, 2020

A manufacturer of transit communication systems that pivoted to build ventilators during the COVID-19 pandemic is reportedly the latest victim of the DoppelPaymer ransomware gang.

Business Email Compromise (BEC)

BEC Scam Targets Executives' Office 365 Accounts

Chinmay Rautmare  •  August 10, 2020

A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.

COVID-19

Barclays Faces Employee Spying Probe

Mathew J. Schwartz  •  August 10, 2020

The U.K.'s privacy watchdog is probing banking giant Barclays over its use of employee monitoring tools after the bank in February reportedly shifted from anonymized tracking to giving managers the ability to view data for individual employees.

Cloud Security

Capital One Fined $80 Million Over 2019 Breach

Chinmay Rautmare  •  August 7, 2020

A federal banking regulator has fined Capital One $80 million, citing numerous security shortfalls before the 2019 data breach that exposed the financial and personal information of over 100 million individuals in the U.S. and Canada.

Cybercrime

Researchers: IoT Botnets Could Influence Energy Prices

Akshaya Asokan  •  August 7, 2020

High-wattage IoT devices and appliances, such as connected refrigerators, air conditioners and heaters, could be turned into massive botnets by malicious actors and used to influence energy prices, according to an academic study released at Black Hat 2020.

Application Security

Analysis: Hijacking of Twitter Hacker's Virtual Hearing

Anna Delaney  •  August 7, 2020

The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.

Cybercrime

Exploring the Forgotten Roots of 'Cyber'

Mathew J. Schwartz  •  August 7, 2020

One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?

Cybercrime

Global Cybercrime Surging During Pandemic

Marianne Kolbasuk McGee  •  August 6, 2020

Cybercriminals have shifted their focus from individuals and smaller businesses to target governments, critical health infrastructure and major corporations to maximize their profits and disruption during the COVID-19 pandemic, a new Interpol report warns.