Researchers Disclose More Malware Used in SolarWinds Hack

Scott Ferguson • March 4, 2021

Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds in December. These second-stage malware variants appear to have been deployed after organizations downloaded the "Sunburst" backdoor hidden in a software update.

Application Security

Not 'Above the Law' - Feds Target ICO Cryptocurrency Scams

Latest

Governance & Risk Management

Lesson From SolarWinds Attack: It's Time to Beef Up IAM

Scott Ferguson • March 4, 2021

The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by NIST and CISA.

Identity & Access Management

Okta to Buy Auth0 for $6.5 Billion

Doug Olenick • March 4, 2021

The security firm Okta shook up the identity and access management market Wednesday by announcing a $6.5 billion deal to acquire the customer IAM technology supplier Auth0. Two other cybersecurity M&A deals were also announced this week.

Breach Notification

Russian Cybercriminal Forum 'Maza' Breached

Akshaya Asokan • March 4, 2021

Maza, a Russian carding and fraud discussion forum, has been breached, and hackers have leaked users' email addresses and forum credentials, security firm Flashpoint reports.

Identity & Access Management

Changing Authentication for Employees

Suparna Goswami • March 4, 2021

New authentication models, including dynamic authorization and continuous authentication, that work well for consumers can be adopted for employees as well, says Thomas Malta, head of identity and access management at the Virginia-based Navy Federal Credit Union.

3rd Party Risk Management

GAO Report Highlights Need for Centralized Cyber Leadership

Scott Ferguson • March 3, 2021

A lack of centralized leadership, especially at the White House level, is hindering the federal government's ability to address numerous cybersecurity issues, including the SolarWinds supply chain attack that affected federal agencies and others, according to a new GAO report.

Application Security

Microsoft Patches Four Zero-Day Flaws in Exchange

Jeremy Kirk • March 3, 2021

Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server. The alarming vulnerabilities could allow a remote attacker into Exchange and possibly enable further lateral movement.

Governance & Risk Management

Cybersecurity Leadership: Identity, Access, Complexity

Tom Field • March 3, 2021

In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.

Artificial Intelligence & Machine Learning

AI Supremacy: Russia, China Could Edge Out US, Experts Warn

Scott Ferguson • March 2, 2021

The U.S. is in danger of falling behind China and Russia in developing artificial intelligence technologies and countering cybersecurity threats that could develop as AI use becomes more widespread, according to a newly released report from the National Security Commission on Artificial Intelligence.

Cybercrime

Hackers Use Search Engine Optimization to Deliver Malware

Akshaya Asokan • March 2, 2021

A new malware loader dubbed "Gootloader" is using search engine optimization techniques to spread ransomware, Trojans and other malware, the security firm Sophos reports.

Fraud Management & Cybercrime

Stopping Stock Manipulation Fraud

Suparna Goswami • March 2, 2021

The recent manipulation of GameStop stock points to the need for public companies to carefully monitor mentions of their firm on social media channels to look for signs of emerging fraudulent practices, says Chase Cunningham, chief strategy officer at Ericom Software.

3rd Party Risk Management

Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains

Tom Field • March 1, 2021

Jamil Farshchi has been there. As CISO of Equifax, he knows what it’s like to be a victim of a high-profile cyberattack. And he knows breached companies have a choice: "Are they going to be a force for good by helping the rest of the industry learn from their experience?"

COVID-19

Indian Vaccine Makers, Oxford Lab Reportedly Hacked

Marianne Kolbasuk McGee • March 1, 2021

Two Indian vaccine makers and an Oxford University lab are reportedly among the latest targets of hackers apparently seeking to steal COVID-19 research data.