An timeline illustrating a Raindrop infection (Source: Symantec Threat Intelligence )

'Raindrop' Is Latest Malware Tied to SolarWinds Hack

Doug Olenick • January 19, 2021

Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.

Breach Notification

'SolarLeaks' Site Claims to Offer Attack Victims' Data

Latest

Governance & Risk Management

Microsoft Taking Additional Steps to Address Zerologon Flaw

Prajeet Nair • January 19, 2021

Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.

Breach Notification

OpenWRT Project Community Investigating Data Breach

Prajeet Nair • January 19, 2021

OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.

Fraud Management & Cybercrime

FBI Warns of Increase in Vishing Attacks

Akshaya Asokan • January 19, 2021

The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote and at-home workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.

Cyberwarfare / Nation-State Attacks

Biden's $10 Billion Cybersecurity Proposal: Is It Enough?

Scott Ferguson • January 18, 2021

President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount as just a "down payment" toward a broader effort.

Business Email Compromise (BEC)

COVID-19 Vaccine Themes Persist in Fraud Schemes

Prajeet Nair • January 18, 2021

Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.

Breach Notification

NZ Reserve Bank Governor Says He 'Owns' Breach

Jeremy Kirk • January 18, 2021

The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.

Governance & Risk Management

Is a US National Privacy Law on the Horizon?

Marianne Kolbasuk McGee • January 18, 2021

The prospects for passing a U.S. privacy law will improve under the Biden administration, predicts attorney Kirk Nahra, who offers a legislative outlook.

Card Not Present Fraud

Joker's Stash Reportedly Shutting Down Operations

Akshaya Asokan • January 16, 2021

Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming he will "retire" at that time, according to Gemini Advisory. Researchers say fraudsters will quickly move to other sites.

Cybercrime

Hacker Blows Chance at Early Release by Hacking More

Doug Olenick • January 16, 2021

The U.S. Justice Department has charged Ardit Ferizi, a Kosovo citizen, with fraud and identity theft, accusing him of continuing to commit cybercrimes while he was behind bars serving a 20-year prison sentence for aiding Islamic terrorist groups.

Cybercrime as-a-service

Magecart Groups Hide Behind 'Bulletproof' Hosting Service

Prajeet Nair • January 16, 2021

Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers at RiskIQ. The hosting service is notorious for catering to cybercriminals and hackers.

Anti-Phishing, DMARC

Iranian APT Group Revived Phishing Activities Over Holidays

Akshaya Asokan • January 16, 2021

A recent phishing campaign tied to an Iranian hacking group known as "Charming Kitten" used SMS and email messages to spread malicious links in an attempt to steal email credentials in the U.S., Europe and the Persian Gulf region, security firm Certfa Lab reports.

Cyberwarfare / Nation-State Attacks

Biden Inauguration: Defending Against Cyberthreats

Doug Olenick • January 15, 2021

As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well.