Latest

Fraud Management & Cybercrime

Zoom Contacts Feature Leaks Email Addresses, Photos

Jeremy Kirk  •  April 1, 2020

Popular teleconferencing software Zoom is continuing to fall under scrutiny as questions are raised over its privacy and security practices. The latest issue: a feature that inadvertently reveals strangers' email addresses and profile photos.

Account Takeover

FBI Alleges Russian Man Laundered Cybercriminals' Money

Ishita Chigilli Palli  •  April 1, 2020

The FBI has arrested a Russian national for allegedly helping an international cybercriminal gang launder its money by turning cash into bitcoin and other cryptocurrencies, according to court documents.

Business Email Compromise (BEC)

Nigerian BEC Scammers Increase Proficiency: Report

Akshaya Asokan  •  April 1, 2020

Nigerian cybercriminal gangs have become even more proficient in waging business email compromise attacks, according to an analysis from Palo Alto Network's Unit 42 that describes recent trends.

Cyberwarfare / Nation-State Attacks

Election Campaign Security Revisited

Tom Field  •  April 1, 2020

With the U.S. presidential election now seven months away, how have threats to the campaigns evolved, and what impact might be seen from COVID-19? Brigadier General (retired) Francis X. Taylor, a leader of the U.S. CyberDome election security effort, shares an update.

Cybercrime

FBI Warns of 'Kwampirs' Malware Supply Chain Attacks

Marianne Kolbasuk McGee  •  March 31, 2020

The FBI has issued an alert reminding the healthcare sector and other industries about the ongoing threat of Kwampir remote access Trojan attacks on the supply chain.

Cybercrime

FBI: Cybercrime Gang Mailing 'BadUSB' Devices to Targets

Mathew J. Schwartz  •  March 30, 2020

The FBI warns that the notorious FIN7 cybercrime gang has a new trick up its sleeve: Mailing victims a $50 gift card portrayed as good for redeeming items listed on an accompanying USB storage device, which in reality downloads Griffon backdoor software to give attackers remote access.

►

Business Continuity Management / Disaster Recovery

COVID-19 and the Human Side of Cybersecurity Leadership

Tom Field  •  March 30, 2020

When securing the remote workforce, it's important to be mindful of the human challenges - educating children, caring for elders and dealing with the barrage of COVID-19 news, says Microsoft's Diana Kelley, who shares insights on balancing cybersecurity and compassion.

Breach Notification

Health Data Breach Tally Spikes in Recent Weeks

Marianne Kolbasuk McGee  •  March 30, 2020

The total number of health data breaches - and individuals affected - on the 2020 tally has more than doubled in recent weeks. Here are the details.

Endpoint Security

Will 5G Networks Inherit Vulnerabilities in 4G Networks?

Akshaya Asokan  •  March 30, 2020

If vulnerabilities in 4G cellular networks that can expose them to denial-of-service and other attacks are not addressed, emerging 5G networks could inherit these same issues, the security firm Positive Technologies reports.

Electronic Healthcare Records

Coalition Formed to Address COVID-19 Crisis

Marianne Kolbasuk McGee  •  March 27, 2020

More than two dozen healthcare organizations and technology firms have formed a coalition to help address the COVID-19 crisis by using secure information sharing and data analysis. But observers warn the group must devote enough attention to privacy and security issues.

Business Continuity Management / Disaster Recovery

Analysis: Russia's COVID-19 Disinformation Campaign

Nick Holland  •  March 27, 2020

The latest edition of the ISMG Security Report analyzes how and why Russia is spreading disinformation about the COVID-19 pandemic. Plus: the latest CCPA regulation updates; a CISO's tips on securely managing a remote workforce.

Cybercrime

Tupperware Website Hit by Card Skimmer

Ishita Chigilli Palli  •  March 26, 2020

Tupperware, known for its colorful array of food storage containers, is the latest company to have its website hit with a card skimmer that siphons off payment card details at checkout, according to the security firm Malwarebytes. Malicious JavaScript hid in the online checkout payment form.