Insurance attorney Peter Halprin of the law firm Pasich LLP

Pay Attention to the Fine Print on 'War Exclusions' in Cyber Policies

Marianne Kolbasuk McGee • June 18, 2021

When seeking cyber insurance or other types of insurance policies that provide organizations with coverage for certain data security incidents, it's critical to carefully consider the "war exclusions" contained in those policies, says insurance attorney Peter Halprin.

Cybercrime

'Fear' Likely Drove Avaddon's Exit From Ransomware Fray

Latest

Critical Infrastructure Security

Fake DarkSide Ransomware Gang Targets Energy, Food Sectors

Akshaya Asokan • June 20, 2021

A fake cyber crime group claiming to be DarkSide ransomware is targeting organizations in the food and energy sectors by sending hoax emails to extort ransoms from victims, a report by security firm Trend Micro says. None of the victims has detected any compromise so far.

Business Continuity Management / Disaster Recovery

Senate Approves Chris Inglis as National Cyber Director

Scott Ferguson • June 18, 2021

The U.S. Senate has unanimously approved Chris Inglis as national cyber director. He assumes the role as the country is still reeling from a series of ransomware attacks and the SolarWinds supply chain attack. Meanwhile, confirmation of a new CISA director is on hold.

Breach Notification

Senators Draft a Federal Breach Notification Bill

Scott Ferguson • June 18, 2021

A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.

Fraud Management & Cybercrime

ISMG Editors’ Panel: NATO's Cybersecurity Policy and More

Anna Delaney • June 18, 2021

In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including NATO's new cyber defense policy, the outlook for congressional regulatory action to address the ransomware threat, and cybersecurity comments by U.S. Rep. Jim Langevin.

NSA Offers Tips on Securing Unified Communication Channels

Akshaya Asokan • June 18, 2021

The U.S. National Security Agency has released new guidance to help federal agencies as well as business enterprises protect their unified communications channels and voice/video over IP calls from cyberthreats.

Critical Infrastructure Security

Ransomware Roundup: Avaddon Exits; Clop Suspects Arrested

Anna Delaney • June 18, 2021

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S. cybersecurity defenses.

Governance & Risk Management

Cyberium Domain Targets Tenda Routers in Botnet Campaign

Akshaya Asokan • June 17, 2021

Malware hosting domain Cyberium has spread multiple Mirai variants, including one that targeted vulnerable Tenda routers as part of a botnet campaign, AT&T Alien Labs reports.

Business Continuity Management / Disaster Recovery

DHS Preparing More Cybersecurity Requirements for Pipelines

Scott Ferguson • June 16, 2021

The Department of Homeland Security unit that's responsible for the safety of the nation's interstate pipelines is preparing new cybersecurity requirements for oil and gas companies in the wake of the Colonial Pipeline Co. ransomware attack.

Business Email Compromise (BEC)

Behind the Scenes of a Business Email Compromise Attack

Rashmi Ramesh • June 16, 2021

The Microsoft 365 Defender research team says it has “disrupted a large-scale business email compromise infrastructure hosted in multiple web services.” It describes in a blog post how the BEC fraud scheme worked.

Cybercrime

How 'SEO Poisoning' Is Used to Deploy Malware

Prajeet Nair • June 16, 2021

SolarMarker malware operators are using "SEO poisoning" techniques to deploy the remote access Trojan to steal sensitive information, Microsoft reports.

Cloud Security

Forcepoint, Deloitte and Cerberus Sentinel Make Acquisitions

Doug Olenick • June 16, 2021

Three cybersecurity deals were announced Tuesday, with Forcepoint, Deloitte and Cerberus Sentinel all making acquisitions.

Endpoint Security

Apple Patches 3 Flaws Affecting Certain Devices

Akshaya Asokan • June 16, 2021

Apple has released patches for two zero-day vulnerabilities and a fix for another security issue, all of which affected devices running iOS version 12.5.3. It says the zero-day flaws are being exploited in the wild.