Latest

Critical Infrastructure Security

US Hospitals Warned of Fresh Wave of Ransomware Attacks

Prajeet Nair  •  October 29, 2020

The FBI and CISA warn U.S. hospitals about a fresh wave of Ryuk ransomware attacks that have recently targeted healthcare facilities across the country. Over the past week, several hospitals have publicly reported attacks, which appear to be financially motivated.

Governance & Risk Management

Aetna Fined $1 Million After 3 Data Breaches

Marianne Kolbasuk McGee  •  October 28, 2020

Federal regulators have slapped health insurer Aetna with a $1 million HIPAA settlement for three 2017 breaches - including a mailing incident that exposed HIV information - that occurred within six months.

Cybercrime

Ryuk Ransomware Delivered Using Malware-as-a-Service Tool

Prajeet Nair  •  October 28, 2020

The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than botnets such as Trickbot and Emotet, the security firm Sophos reports.

Encryption & Key Management

Analysis: The Security of 5G Devices, Networks

Doug Olenick  •  October 28, 2020

So far, much of the discussion about 5G security has focused on avoiding the use of technology from Chinese manufacturers, including Huawei and ZTE. But security experts are increasingly concerned that 5G network and device providers rushing products to market aren't devoting enough attention to security.

►

COVID-19

CISOs' Pandemic Challenge: More Disruption, Less Budget

Mathew J. Schwartz  •  October 28, 2020

The imperative for CISOs during the COVID-19 pandemic is to do more with less. While disruptive attacks - as well as privacy concerns - keep rising, budgets are down. As organizations rapidly adopt new technologies, however, EY's Kris Lovejoy says CISOs must seize the opportunity to streamline.

Application Security

Apps Infected With Adware Found on Google Play Store

Chinmay Rautmare  •  October 27, 2020

Some 21 malicious Android apps containing intrusive adware were discovered on the Google Play Store, but most have now been removed, according to a new report from the security firm Avast.

Cyberwarfare / Nation-State Attacks

Sizing Up Nation-State Cyberthreats to the US Election

Akshaya Asokan  •  October 27, 2020

Online disinformation campaigns by nation-state actors are the biggest cyberthreat to the U.S. election as hackers attempt to influence final vote tallies as a way to undermine confidence, according to a Digital Shadows report. Russian hackers are most active, followed by Iran and China.

Business Continuity Management / Disaster Recovery

French IT Services Firm Confirms Ryuk Ransomware Attack

Scott Ferguson  •  October 27, 2020

French IT services firm Sopra Steria is confirming that its internal infrastructure sustained a Ryuk ransomware attack that has disrupted its operations, with a full recovery expected to take weeks.

Cybercrime

Even in Test Mode, New Mirai Variant Infecting IoT Devices

Doug Olenick  •  October 26, 2020

A greatly enhanced variant of the powerful Mirai botnet is already infecting IoT devices even though it's operating in a test environment, according to researchers at cybersecurity firm Avira Protection Lab.

COVID-19

Insider Sentenced for Sabotaging PPE Shipments

Marianne Kolbasuk McGee  •  October 26, 2020

A former vice president of a personal protective equipment packaging firm has been sentenced to prison and ordered to pay restitution for sabotaging the company's electronic shipping records during the COVID-19 pandemic - causing delays in deliveries - after he was terminated from his job.

Blockchain & Cryptocurrency

KashmirBlack Botnet Targets Content Management Systems

Prajeet Nair  •  October 26, 2020

Security researchers at Imperva have uncovered a botnet that attacks vulnerabilities in websites' underlying content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims.

Fraud Management & Cybercrime

Fraudsters Alter Election Phishing Scam

Chinmay Rautmare  •  October 26, 2020

Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.