Latest

Endpoint Security

More Than 1,000 IoT Security Guidelines: Which One to Use?

Jeremy Kirk  •  July 7, 2020

With more than 1,000 IoT security guidelines, recommendations and best practices, which ones should an organization follow? Researchers at Carleton University in Canada say 91 percent of the guides are outcome-based, which are not necessarily easy for manufacturers to follow.

Cybercrime

Purple Fox Malware Targets More Vulnerabilities

Ishita Chigilli Palli  •  July 7, 2020

The developers behind the Purple Fox fileless downloader malware recently upgraded their operation and are now targeting two new vulnerabilities to gain access to networks, according to a report by security firm Proofpoint.

Business Continuity Management / Disaster Recovery

Ransomware + Exfiltration + Leaks = Data Breach

Mathew J. Schwartz  •  July 7, 2020

Ransomware-wielding attackers continue to pummel organizations. But labeling these as being just ransomware attacks often misses how much these incidents involve serious network intrusions, exfiltration of extensive amounts of data, data leaks and, as a result, reportable data breaches.

Cybercrime

Just How Lucrative Are BEC Scams?

Doug Olenick  •  July 6, 2020

A Nigerian national who has been extradited to the United States allegedly laundered millions of dollars stolen in business email compromise scams, according to the Justice Department. He flaunted his lavish lifestyle on social media, prosecutors say.

►

Identity & Access Management

Progress Report: FIDO's Effort to Eliminate Passwords

Anna Delaney  •  July 6, 2020

Andrew Shikiar, executive director at the FIDO Alliance, offers an update on the group's efforts to reduce reliance on passwords and discusses how to overcome barriers.

Fraud Management & Cybercrime

How Ekans Ransomware Targets Industrial Control Systems

Akshaya Asokan  •  July 4, 2020

Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year.

Cyberwarfare / Nation-State Attacks

NASA Still Struggling With Agency-Wide Cybersecurity Program

Prajeet Nair  •  July 4, 2020

A recent inspector general's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019. The oversite report lists a series of improvements that NASA should make.

Cybercrime

Operators Behind Valak Malware Expand Malicious Campaign

Ishita Chigilli Palli  •  July 3, 2020

The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos. Attackers are now using existing email threads and ZIP files to spread the information stealer.

Application Security

Apache Guacamole Vulnerable to Reverse RDP Vulnerabilities

Akshaya Asokan  •  July 3, 2020

Apache Guacamole, an open-source application that allows for remote connections to devices, contains several vulnerabilities that could enable attackers to steal data or run remote code execution, Check Point Research found. These bugs come at a time when many employees are still working remotely.

Account Takeover

Digital IDs: A Progress Report

Nick Holland  •  July 3, 2020

The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.

Account Takeover

POS Malware Using DNS to Steal Payment Card Data

Ishita Chigilli Palli  •  July 2, 2020

Fraudsters are using a revamped version of the Alina Trojan to target Windows-based POS devices to steal payment card data, according to Century Link's Black Lotus Labs. The malware operators are using unsecured DNS protocols to exfiltrate the data.

►

Fraud Management & Cybercrime

Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Tom Field  •  July 2, 2020

Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."