It's Official: CCPA Enforcement Begins

Doug Olenick • July 1, 2020

Enforcement of the California Consumer Privacy Act officially began Wednesday despite the lack of a final, codified version of the regulation. Experts weigh in on compliance steps organizations should take.

Cyberwarfare / Nation-State Attacks

Nefilim Ransomware Gang Tied to Citrix Gateway Hacks

Latest

Fraud Management & Cybercrime

Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Tom Field • July 2, 2020

Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."

Identity & Access Management

Building Trust in Digital Identities

Anna Delaney • July 1, 2020

Implementing trusted digital IDs will create benefits for end users as well as service providers, says Nick Mothershaw, chair and executive director at the Open Identity Exchange. But widespread international adoption of such IDs will take time to achieve, he acknowledges.

Cybercrime

FakeSpy Android Malware Disguised as Postal Service Messages

Akshaya Asokan • July 1, 2020

The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason. The messages are designed to appear to come from postal and delivery services.

Cyberwarfare / Nation-State Attacks

FCC: Huawei, ZTE Are 'National Security Threats'

Ishita Chigilli Palli • July 1, 2020

The U.S. Federal Communications Commission has officially designated China's Huawei Technologies and ZTE Corp. as "national security threats," barring American telecommunications firms from using certain federal funds to buy their equipment, such as for building 5G networks.

COVID-19

Guarding Against COVID-19 Fraud Schemes

Marianne Kolbasuk McGee • July 1, 2020

With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan, who offers risk mitigation insights.

Fraud Management & Cybercrime

Bills Call for State, White House Cybersecurity Coordinators

Ishita Chigilli Palli • June 30, 2020

A bipartisan group of U.S. senators is calling for federal funding for cybersecurity coordinators in every state. Meanwhile, a measure introduced in the House would restore the position of cybersecurity director in the White House.

Breach Notification

Victim Count in Magellan Ransomware Incident Soars

Marianne Kolbasuk McGee • June 30, 2020

The number of companies and individuals affected by an April ransomware attack on managed care provider Magellan Health continues to grow. This illustrates the risks faced by interconnected organizations in the healthcare sector.

COVID-19

Brute-Force Attacks Targeting RDP on the Rise

Akshaya Asokan • June 30, 2020

Since the start of the COVID-19 pandemic, the number of brute-force attacks targeting RDP connections has steadily increased, spiking to 100,000 incidents per day in April and May, according to the security firm ESET. These attacks pave the way for launching ransomware attacks and planting cryptominers.

Fraud Management & Cybercrime

Ransomware Targets Mac Users

Doug Olenick • June 30, 2020

A ransomware strain targeting Mac users is spreading via a fake installer for Little Snitch - a host-based application firewall for macOS - according to the security firm Malwarebytes, which says the malware is poorly designed.

Business Continuity Management / Disaster Recovery

UCSF Med School Pays $1.1 Million Ransom

Scott Ferguson , Doug Olenick • June 29, 2020

The University of California San Francisco says it paid a $1.14 million ransom earlier this month to obtain decryptor keys to unlock several servers within its school of medicine that were struck with ransomware.

Fraud Management & Cybercrime

Data Breach Settlement Has an Unusual Provision

Marianne Kolbasuk McGee • June 29, 2020

A preliminary settlement in a class action data breach lawsuit against Iowa Health System - which does business as UnityPoint Health - contains an unusual provision that could prove quite costly.

Account Takeover

Magecart Card Skimmer Hidden in Image's EXIF Metadata

Doug Olenick • June 29, 2020

Payment card hackers are now hiding malicious JavaScript inside an image's EXIF metadata and then sneaking the image onto e-commerce sites, according to the security firm Malwarebytes.