Latest

Cybercrime

Microsoft Describes How SolarWinds Hackers Avoided Detection

Doug Olenick  •  January 21, 2021

Microsoft researchers are offering fresh details on the SolarWinds hackers' extensive efforts to remain hidden, which gave them more time to fully penetrate systems, move laterally through networks and exfiltrate data in follow-on attacks.

Fraud Management & Cybercrime

Fueled by Profits, Ransomware Persists in New Year

Akshaya Asokan , Mathew J. Schwartz  •  January 21, 2021

Ransomware dominated the cybercrime landscape in 2020 and looks set to do so again this year, as criminals seek fresh new ways to make victims pay. Experts predict gangs will double down on whatever works, which lately includes data exfiltration.

3rd Party Risk Management

Free Auditing Tool Helps Detect SolarWinds Hackers' Malware

Akshaya Asokan  •  January 20, 2021

Security firm FireEye has released a free auditing and remediation tool on GitHub that it says can help organizations determine if the hacking group that targeted SolarWinds used similar techniques within their network to gain access to Microsoft Office 365 accounts.

Cyberwarfare / Nation-State Attacks

Malwarebytes CEO: Firm Targeted by SolarWinds Hackers

Prajeet Nair  •  January 20, 2021

The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."

Cybercrime

'FreakOut' Botnet Targets Unpatched Linux Systems

Prajeet Nair  •  January 20, 2021

Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.

3rd Party Risk Management

'Raindrop' Is Latest Malware Tied to SolarWinds Hack

Doug Olenick  •  January 19, 2021

Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.

Governance & Risk Management

Microsoft Taking Additional Steps to Address Zerologon Flaw

Prajeet Nair  •  January 19, 2021

Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.

Breach Notification

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Mathew J. Schwartz  •  January 19, 2021

Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.

Breach Notification

OpenWRT Project Community Investigating Data Breach

Prajeet Nair  •  January 19, 2021

OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.

Cyberwarfare / Nation-State Attacks

FBI: Disinformation Campaigns Seek to Exploit Capitol Siege

Mathew J. Schwartz  •  January 18, 2021

The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.

Business Email Compromise (BEC)

COVID-19 Vaccine Themes Persist in Fraud Schemes

Prajeet Nair  •  January 18, 2021

Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.

Card Not Present Fraud

Joker's Stash Reportedly Shutting Down Operations

Akshaya Asokan  •  January 16, 2021

Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming he will "retire" at that time, according to Gemini Advisory. Researchers say fraudsters will quickly move to other sites.