COVID-19 and the CISO: Jim Routh on Leadership

Tom Field • March 25, 2020

At its core, cybersecurity is about applying scarce resources to the highest risk. And nothing quite puts that tenet to the test like the COVID-19 pandemic. Jim Routh, CISO of MassMutual, discusses the challenges of managing a remote workforce and third-party relationships during this crisis.

Cyberwarfare / Nation-State Attacks

COVID-19 Response: 5 Tips for Securing Remote Workplace

Latest

Electronic Healthcare Records

Coalition Formed to Address COVID-19 Crisis

Marianne Kolbasuk McGee • March 27, 2020

More than two dozen healthcare organizations and technology firms have formed a coalition to help address the COVID-19 crisis by using secure information sharing and data analysis. But observers warn the group must devote enough attention to privacy and security issues.

Business Continuity Management / Disaster Recovery

Hijacked Routers Steering Users to Malicious COVID-19 Sites

Apurva Venkat • March 27, 2020

Cybercriminals are waging brute-force attacks that enable them to change DNS settings on home and small business routers to redirect victims to fake COVID-19-themed websites that push infostealer malware, according to the security firm Bitdefender.

Business Continuity Management / Disaster Recovery

COVID-19: The Digital Exposure Crisis

Tom Field • March 27, 2020

The COVID-19 pandemic has exposed more than policy and social gaps, says U.K.-based cybersecurity expert John Walker. It's also manifested in digital exposures born out of lack of preparedness and bad practices. Walker offers insights on improving the cyber response.

Business Continuity Management / Disaster Recovery

Analysis: Russia's COVID-19 Disinformation Campaign

Nick Holland • March 27, 2020

The latest edition of the ISMG Security Report analyzes how and why Russia is spreading disinformation about the COVID-19 pandemic. Plus: the latest CCPA regulation updates; a CISO's tips on securely managing a remote workforce.

Cybercrime

Russia's Cybercrime Rule Reminder: Never Hack Russians

Mathew J. Schwartz • March 27, 2020

Russian authorities typically turn a blind eye to cybercrime committed by citizens, provided they target foreigners. But as the recent "BuyBest" arrests of 25 individuals demonstrate, authorities do not tolerate criminals that target Russians, and especially not anyone who targets Russian banks.

Cybercrime

Tupperware Website Hit by Card Skimmer

Ishita Chigilli Palli • March 26, 2020

Tupperware, known for its colorful array of food storage containers, is the latest company to have its website hit with a card skimmer that siphons off payment card details at checkout, according to the security firm Malwarebytes. Malicious JavaScript hid in the online checkout payment form.

Cybercrime

Chinese Cyber Espionage Continues Despite COVID-19

Akshaya Asokan • March 26, 2020

Despite the global COVID-19 pandemic, which started in China, Chinese cyber espionage campaigns are continuing, with a new campaign from one APT group targeting at least 75 enterprises in 20 countries, according to the security firm FireEye.

Governance & Risk Management

Microsoft to Pause Non-Essential Software Updates

Mathew J. Schwartz • March 26, 2020

Microsoft has announced that it will pause all non-essential updates for Windows, while both Google and Microsoft have said their Chrome and Edge browsers will, for now, receive only stability and security updates. The moves come as IT teams are continuing to respond to the ongoing fallout of the COVID-19 pandemic.

Cybercrime

The Ecommerce Surge: Guarding Against Fraud

Nick Holland • March 26, 2020

As more consumers shift to online shopping during the COVID-19 pandemic, retailers must ramp up their efforts to guard against ecommerce payment fraud, says Toby McFarlane, a cybersecurity expert at CMSPI, a payments consultancy.

Endpoint Security

The Best of RSA Conference 2020

Information Security Media Group • March 25, 2020

At RSA Conference 2020 in San Francisco, Information Security Media Group's editorial team conducted more than 130 video interviews with industry thought leaders. Here are the highlights.

Business Continuity Management / Disaster Recovery

More Ransomware Gangs Join Data-Leaking Cult

Mathew J. Schwartz • March 25, 2020

More bad ransomware news: Following in the footsteps of Maze, now even more cybercrime gangs are threatening to not only crypto-lock systems but also leak stolen data. Such moves come following a banner year for ransomware operators, who are continuing to bring more advanced tactics to bear.

Account Takeover

Mobile Malware Bypasses Banks' 2-Factor Authentication: Report

Apurva Venkat • March 25, 2020

A variant of the TrickBot Trojan bypasses two-factor authentication for mobile banking, for example, by intercepting one-time codes sent over SMS, according to IBM X-Force.