Latest

Cybercrime

Russian BEC Gang Targets Hundreds of Multinational Companies

Akshaya Asokan  •  July 7, 2020

A newly uncovered Russia-based business email compromise gang has been targeting hundreds of large, multinational corporations in over 40 countries since 2019, according to the security firm Agari.

Business Continuity Management / Disaster Recovery

Ransomware + Exfiltration + Leaks = Data Breach

Mathew J. Schwartz  •  July 7, 2020

Ransomware-wielding attackers continue to pummel organizations. But labeling these as being just ransomware attacks often misses how much these incidents involve serious network intrusions, exfiltration of extensive amounts of data, data leaks and, as a result, reportable data breaches.

Cybercrime

Patching Urged as F5 BIG-IP Vulnerability Exploited

Ishita Chigilli Palli  •  July 6, 2020

Security researchers warn that the number of exploit attempts targeting a critical vulnerability in F5 Networks' BIG-IP networking products has steadily increased since the company first announced the flaw late last week. They urge users to immediately apply patches.

Cybercrime

North Korean Hacking Infrastructure Tied to Magecart Hits

Mathew J. Schwartz  •  July 6, 2020

Hackers with apparent ties to North Korea have extended their bag of online attack tricks beyond cryptocurrency mining, online bank heists and ransomware. Now, they're also hitting e-commerce merchants in the U.S. and Europe with Magecart attacks to steal payment card data, security firm Sansec reports.

Account Takeover

Hey Alexa. Is This My Voice Or a Recording?

Jeremy Kirk  •  July 6, 2020

Voice-controlled assistants can be fooled by replaying a recording of someone's voice. But researchers with Australia's Commonwealth Scientific and Industrial Research Organization and Samsung Research say they've developed a lightweight software tool to detect such attempts, which are difficult to defend against.

Fraud Management & Cybercrime

How Ekans Ransomware Targets Industrial Control Systems

Akshaya Asokan  •  July 4, 2020

Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year.

Cyberwarfare / Nation-State Attacks

NASA Still Struggling With Agency-Wide Cybersecurity Program

Prajeet Nair  •  July 4, 2020

A recent inspector general's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019. The oversite report lists a series of improvements that NASA should make.

Cybercrime

Operators Behind Valak Malware Expand Malicious Campaign

Ishita Chigilli Palli  •  July 3, 2020

The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos. Attackers are now using existing email threads and ZIP files to spread the information stealer.

►

Critical Infrastructure Security

Detecting Network Security Incidents

Anna Delaney  •  July 3, 2020

Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents.

Account Takeover

Digital IDs: A Progress Report

Nick Holland  •  July 3, 2020

The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.

►

Fraud Management & Cybercrime

Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Tom Field  •  July 2, 2020

Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."

Cybercrime

Studying an 'Invisible God' Hacker: Could You Stop 'Fxmsp'?

Mathew J. Schwartz  •  July 2, 2020

Could your organization withstand an attack by the master hacking operation known as "Fxmsp"? Hollywood loves to portray hackers as having ninja-like skills. But Fxmsp often favored the simplest tools for the job, because they so often worked. Defenders: Take note.