Latest

Breach Notification

Cyber Incident Knocks Construction Firm Palfinger Offline

Doug Olenick  •  January 25, 2021

The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.

Governance & Risk Management

Pediatric Hospital Faces Lawsuit After Blackbaud Breach

Marianne Kolbasuk McGee  •  January 25, 2021

A proposed class-action lawsuit has been filed against Rady Children's Hospital-San Diego in the wake of a data breach resulting from a ransomware attack on Blackbaud, the hospital's cloud-based fundraising software vendor.

►

Fraud Management & Cybercrime

Assessing the SolarWinds Hack's Impact on Fraud

Suparna Goswami  •  January 25, 2021

What impact could the SolarWinds supply chain hack have on fraud trends? Al Pascual of Breach Clarity offers an analysis.

DDoS Protection

DDoS Attackers Exploit Vulnerable Microsoft RDP Servers

Prajeet Nair  •  January 25, 2021

Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify DDoS attacks, according to a report from Netscout, which offers mitigation advice.

Cryptocurrency Fraud

Russian Pleads Guilty to Running Cybercrime Forum

Prajeet Nair  •  January 25, 2021

A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge.

Fraud Management & Cybercrime

Tesla Sues Former Employee, Alleges IP Theft

Doug Olenick  •  January 25, 2021

Tesla has filed a lawsuit against a former employee who the carmaker says stole thousands of confidential software files almost immediately after being hired in December.

Cybercrime as-a-service

DDoS Attackers Revive Old Campaigns to Extort Ransom

Akshaya Asokan  •  January 23, 2021

Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations refused to pay the initial ransom demand, a new report by security firm Radware finds.

Breach Notification

Intel Investigating Hack of Confidential Financial Report

Doug Olenick  •  January 23, 2021

Intel is investigating an incident in which an unauthorized person accessed a portion of the company's latest quarterly financial report, forcing the chipmaker to release its earnings slightly earlier than planned.

Business Email Compromise (BEC)

Fraudsters Are Using Google Forms to Evade Email Filters

Prajeet Nair  •  January 23, 2021

Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.

COVID-19

Biden's COVID-19 Plan Calls for Assessment of Cyberthreats

Marianne Kolbasuk McGee  •  January 22, 2021

President Joe Biden's COVID-19 response strategy calls for an assessment of "ongoing cyberthreats and foreign interference campaigns targeting COVID-19 vaccines and related public health efforts."

►

3rd Party Risk Management

How to Manage Software Supply Chain Risks

Jeremy Kirk  •  January 22, 2021

The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.

Fraud Management & Cybercrime

Texas Medical Center Breach Affects 640,000

Marianne Kolbasuk McGee  •  January 22, 2021

An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.