Latest

Cyberwarfare / Nation-State Attacks

UK Ramps Up Capabilities to Deter Nation-State Hackers

Tony Morbin  •  November 27, 2020

The U.K. is moving to improve its ability to combat online attacks via the establishment of an information warfare network named @HutEighteen. The move, announced by the Defence Academy of the U.K., follows fresh EU sanctions against nation-state hackers, and the U.K. standing up a National Cyber Force.

Business Continuity Management / Disaster Recovery

Hot Cybercrime Trend: Enterprise-Scale Ransomware Hits

Anna Delaney  •  November 27, 2020

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favour of ransomware attacks. Also featured: Defending against deepfakes; supporting a dispersed workforce.

Application Security

Productivity Tools May Be Monitoring Workers' Productivity

Mathew J. Schwartz  •  November 27, 2020

Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it. But as more workplace surveillance capabilities appear, legal experts warn that organizations must ensure their tools do not violate employees' privacy rights.

Cybercrime

Botnet Operators Ditch Banking Trojans for Ransomware

Mathew J. Schwartz  •  November 25, 2020

Driven by the profits to be achieved via ransomware, most botnet operators have dropped banking Trojans in favor of supporting and running crypto-locking malware attacks, according to security experts who spoke Wednesday at cybersecurity firm Group-IB's CyberCrimeCon 2020 virtual conference.

Business Continuity Management / Disaster Recovery

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Prajeet Nair  •  November 25, 2020

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.

Governance & Risk Management

Hackers Exploit MobileIron Flaw

Akshaya Asokan  •  November 25, 2020

The U.K. National Cyber Security Center is warning that nation-state hackers and cybercriminals are exploiting a remote vulnerability in MobileIron's mobile device management tool to target organizations in the country.

Cybercrime

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Doug Olenick  •  November 24, 2020

The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.

Cybercrime

Updated Trickbot Malware Is More Resilient

Doug Olenick  •  November 24, 2020

The gang operating Trickbot is continuing its activities despite recent takedown efforts, rolling out two updates that make the malware more difficult to kill, according to the security firm Bitdefender.

Endpoint Security

UK Telecommunications Security Bill Would Ban Huawei

Mathew J. Schwartz  •  November 24, 2020

The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.

Breach Notification

Manchester United Investigating Cybersecurity Incident

Prajeet Nair  •  November 23, 2020

The Manchester United football club of the U.K.'s Premier League is investigating a cybersecurity incident that has affected some of the organization's IT infrastructure, although it says it appears that fan and user data has not been exposed.

Business Continuity Management / Disaster Recovery

From St. Louis to France, Ransomware Victim List Expands

Mathew J. Schwartz  •  November 23, 2020

Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system. A ransomware hit against hosting giant Managed.com has resulted in ongoing site outages for numerous others.

Breach Notification

Fraudsters Target Cryptocurrency Platforms Through GoDaddy

Prajeet Nair  •  November 23, 2020

Last week, fraudsters targeted two cryptocurrency platforms by accessing domains managed by GoDaddy, according to notices published by the victimized firms. The domain register company previously has had issues with unauthorized access.