Example of a malicious message, written in German, that contains a malicious attachment sent through a collaboration platform channel (Source: Cisco Talos)

Fraudsters Flooding Collaboration Tools With Malware

Prajeet Nair • April 9, 2021

The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.

Fraud Management & Cybercrime

Biden's Infrastructure Plan: 3 Cybersecurity Provisions

Latest

Anti-Phishing, DMARC

Cofense and StrikeForce Announce Acquisitions

Doug Olenick • April 10, 2021

Email security provider Cofense and data security firm StrikeForce Technologies both have announced strategic acquisitions this pas week. Meanwhile, data protection firm OneTrust received additional funding.

Account Takeover Fraud

Visa Describes New Skimming Attack Tactics

Doug Olenick • April 9, 2021

Visa's Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over a retailers' servers during payment card skimming attacks.

Cyberwarfare / Nation-State Attacks

US Blacklists 7 Chinese Supercomputer Entities

Scott Ferguson • April 9, 2021

Citing national security concerns, the U.S. Commerce Department has placed seven Chinese supercomputer organizations on the Entity List, which effectively bars them from receiving supplies or components from U.S. companies.

Endpoint Security

Weekly Roundup: Biden’s Cybersecurity Proposals and More

Anna Delaney • April 9, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including President Biden’s latest cybersecurity proposals and large vendor-related breaches in healthcare.

Endpoint Security

FDA's Kevin Fu on Threat Modeling for Medical Devices

Marianne Kolbasuk McGee • April 9, 2021

More precise and pervasive cybersecurity threat modeling during manufacturers' development of medical devices - and also during the regulatory product review process - is critical for risk mitigation, says Kevin Fu, new acting director of medical device cybersecurity at the FDA.

Cybercrime

Crisis Communications: How to Handle Breach Response

Anna Delaney • April 9, 2021

The latest edition of the ISMG Security Report features an analysis of why transparent communication in the aftermath of a data breach pays off. Also featured: Mastercard on digital identity issues; building a more diverse and inclusive cybersecurity workforce.

Identity & Access Management

Death to 'Fluffy': Please Stop With the Pet Name Passwords

Mathew J. Schwartz • April 9, 2021

Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password. And the problem is global.

Cryptocurrency Fraud

600,000 Payment Cards Stolen From Swarmshop Darknet Market

Doug Olenick • April 8, 2021

For the second time in two years, the contents of the darknet payment card marketplace Swarmshop have been removed and posted to a competing underground forum, Group-IB reports. The content includes data on more than 600,000 payment cards as well as administrator, seller and buyer information.

Cybercrime

Krebs: States Need a Cyber Funding Boost

Scott Ferguson • April 8, 2021

The federal government should provide more funding to state and local agencies for IT projects that could enhance cybersecurity and help mitigate the risk of ransomware attacks, says Christopher Krebs, the former director of CISA.

Cybercrime

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Doug Olenick • April 8, 2021

Researchers at the security firm Intel 471 report cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated, hard-to-discover, malicious documents that can be deployed in phishing attacks.

Cybercrime

In Wake of Breaches, Accellion Faces at Least 14 Lawsuits

Marianne Kolbasuk McGee • April 7, 2021

At least 14 lawsuits seeking class-action status have been filed against Accellion in the wake of breaches of the vendor's 20-year-old File Transfer Appliance. A motion to consolidate the cases has also been filed.

Cybercrime

Ziggy Ransomware Gang Offers Victims Ransom Refunds

Doug Olenick • April 7, 2021

The now-defunct Ziggy ransomware gang is reportedly offering to return the ransoms it collected, but some security experts question whether the offer is legitimate or a publicity stunt.