(Clockwise from top left): Reps. James Comer, Bennie G. Thompson, John Katko and Carolyn Maloney led the joint committee hearing on Friday examining the supply chain attack that targeted SolarWinds.

House SolarWinds Hearing Focuses on Updating Cyber Laws

Scott Ferguson • February 26, 2021

A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.

Critical Infrastructure Security

IRS Warns of Fresh Fraud Tactics as Tax Season Starts

Latest

Critical Infrastructure Security

NSA Issues Guidance on Zero Trust Implementation

Akshaya Asokan • February 27, 2021

The US National Security Agency has issued its zero trust guidance aimed at securing critical networks and sensitive data within key federal agencies. The NSA adds it is also assisting Defense Department customers with the zero trust implementations.

Fraud Management & Cybercrime

Ransomware: Beware of 13 Tactics, Tools and Procedures

Mathew J. Schwartz • February 26, 2021

Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.

Cyberwarfare / Nation-State Attacks

Microsoft Releases Queries for SolarWinds Attack Detection

Prajeet Nair • February 26, 2021

Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.

Fraud Management & Cybercrime

DHS to Provide $25 Million More for Cybersecurity Grants

Doug Olenick • February 26, 2021

The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular focus on combatting ransomware, Secretary Alejandro Mayorkas announced Thursday.

Breach Notification

Analysis: Feds Crack Down on Cryptocurrency Scams

Anna Delaney • February 26, 2021

The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.

Governance & Risk Management

6,000 VMware vCenter Devices Vulnerable to Remote Attacks

Prajeet Nair • February 25, 2021

Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw.

Electronic Healthcare Records

Secure Patient Access to Health Records: The Challenges

Marianne Kolbasuk McGee • February 25, 2021

As the healthcare sector works to provide patients with secure access to their health information via smartphones and other devices, it must address critical identity and trust issues, says DirectTrust president and CEO Scott Stuewe.

Cryptocurrency Fraud

Not 'Above the Law' - Feds Target ICO Cryptocurrency Scams

Mathew J. Schwartz • February 25, 2021

Authorities have accused Serbia-based scammers of capitalizing on the "initial coin offering" bubble that began in 2017, bilking global cryptocurrency investors out of $70 million via Bitcoiin2Gen and other supposed coins and hiring actor Steven Seagal to endorse them.

Business Continuity Management / Disaster Recovery

Federal Reserve's Money Transfer Services Suffer Outage

Doug Olenick • February 24, 2021

The Federal Reserve's online money transfer system, including Fedwire Funds and FedCash, suffered an outage for more than three hours Wednesday afternoon, with the Fed citing technical issues as the cause and not a cyber incident. Systems were restored by late afternoon.

Endpoint Security

Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Doug Olenick • February 24, 2021

The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.

Fraud Management & Cybercrime

Prison Time for Scheme to Frame Nurse for HIPAA Violations

Marianne Kolbasuk McGee • February 24, 2021

A Georgia man has been sentenced to federal prison in an unusual case in which he portrayed himself as a whistleblower while falsely reporting to authorities that a hospital worker committed criminal HIPAA violations.

Artificial Intelligence & Machine Learning

Using ID Screening to Fight COVID-19 Economic Relief Fraud

Nick Holland • February 24, 2021

High-speed identity screening can play a critical role in cracking down on fraud tied to COVID-19 economic relief efforts without impeding legitimate access to funds, says Dr. Gary Shiffman, CEO of Giant Oak, which offers artificial intelligence technology.