Latest

Endpoint Security

Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Doug Olenick  •  February 24, 2021

The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.

Fraud Management & Cybercrime

Prison Time for Scheme to Frame Nurse for HIPAA Violations

Marianne Kolbasuk McGee  •  February 24, 2021

A Georgia man has been sentenced to federal prison in an unusual case in which he portrayed himself as a whistleblower while falsely reporting to authorities that a hospital worker committed criminal HIPAA violations.

►

Artificial Intelligence & Machine Learning

Using ID Screening to Fight COVID-19 Economic Relief Fraud

Nick Holland  •  February 24, 2021

High-speed identity screening can play a critical role in cracking down on fraud tied to COVID-19 economic relief efforts without impeding legitimate access to funds, says Dr. Gary Shiffman, CEO of Giant Oak, which offers artificial intelligence technology.

Anti-Phishing, DMARC

France Warns of Stolen Healthcare Credentials

Marianne Kolbasuk McGee  •  February 23, 2021

French authorities are warning the country's healthcare sector of the discovery of a glut of stolen credentials, apparently belonging to hospital workers, that were found for sale on the dark web. The alert comes amid a recent rise in ransomware attacks on hospitals and other healthcare entities.

Anti-Phishing, DMARC

Sequoia Capital Investigating 'Cybersecurity Incident'

Prajeet Nair  •  February 22, 2021

Venture capital firm Sequoia Capital confirmed it was recently involved in a "cybersecurity incident," but offered no details on exactly what may have transpired. Cybersecurity teams and law enforcement agencies have been notified.

Breach Notification

Accellion: How Attackers Stole Data and Ransomed Companies

Jeremy Kirk  •  February 22, 2021

Software company Accellion has released preliminary findings around the security incident that stung customers using its 20-year-old File Transfer Appliance. The attackers swiftly stole data from compromised systems, and some of those organizations have subsequently been extorted.

Application Security

SonicWall Was Hacked. Was It Also Extorted?

Jeremy Kirk  •  February 22, 2021

SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.

Application Security

M&A Update: CrowdStrike to Acquire Humio for $400 Million

Doug Olenick  •  February 20, 2021

Security firms Crowdstrike, Palo Alto Networks and Sailpoint are making acquisitions to bolster their product portfolios. Here's a rundown of the deals.

3rd Party Risk Management

Analysis: Russia's Sandworm Hacking Campaign

Anna Delaney  •  February 19, 2021

This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.

Business Email Compromise (BEC)

Nigerian Gets 10-Year Sentence for BEC Scam

Akshaya Asokan  •  February 18, 2021

A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice.

Cybercrime

Data Breaches: ShinyHunters' Dominance Continues

Mathew J. Schwartz  •  February 18, 2021

In 2020, a cybercrime operation known as ShinyHunters breached nearly 50 organizations, security researchers say. And this year, it shows no signs of slowing down - it's already hacked e-commerce site Bonobo and dating site MeetMindful.

Critical Infrastructure Security

Senators Push for Action on Water Treatment Hack Investigation

Scott Ferguson  •  February 17, 2021

Sen. Mark Warner, D-Va., is demanding more information from the FBI and the EPA about the Feb. 5 hacking of a water treatment facility in Oldsmar, Florida. Meanwhile, Sen. Marco Rubio, R-Fla., is requesting that the FBI provide "all assistance necessary" to the investigation.