Some experts say Russia engages in 4D campaigns - for dismiss, distort, distract and dismay - and has been actively targeting Ukraine. (Source: Lukas Andriukaitis, @LAndriukaitis)

Wiper Malware in Ukraine Ties to Summer 2021 Intrusions

Mathew J. Schwartz • January 21, 2022

When it comes to cyber intrusions launched by one nation-state against another, where's the red line? While blame has yet to be cast for a wiper malware attack against Ukrainian government systems, researchers say the infections tie to network intrusions that began last summer.

Business Continuity Management / Disaster Recovery

Russia Arrests 14 Suspected REvil Ransomware Group Members

Latest

Application Security

Twitter Reportedly Fires Head of Security, CISO to Leave

Prajeet Nair • January 22, 2022

Twitter has said it is firing Peiter Zatko, the network security expert that it hired on November 2020 as head of security. The changes in the security team followed “an assessment of how the organization was being led,” according to a company memo shared with The New York Times.

Blockchain & Cryptocurrency

US Federal Reserve Issues Report on Digital Dollar

Dan Gunderman • January 21, 2022

The Federal Reserve has published its long-awaited discussion paper on a central bank digital currency. In it, the Fed points to the innovative qualities of digital currencies, but stresses potential risks to the nation's financial system, including heightened cyberthreats and privacy concerns.

Application Security

Federal Authorities, Patient Safety Experts Warn of Risks

Marianne Kolbasuk McGee • January 21, 2022

Cyberattacks remain a critical security concern - and a top patient safety hazard - for the healthcare and public health sector in 2022, federal authorities and other experts warned this week. Will recent takedowns of ransomware criminal gang members by law enforcement agencies help?

Cybercrime

EU Plans to Build Its Own DNS Infrastructure

Mihir Bagwe • January 21, 2022

The European Union has initiated plans to build its own high-performance and secure DNS resolution infrastructure to reduce reliance on a few public DNS resolvers operated by non-EU entities. The service, named DNS4EU, is to be made available to all EU citizens and organizations.

Application Security

3 Weeks, 6 Bugs: Experts Analyze, Advise on WordPress Flaws

Soumik Ghosh • January 21, 2022

Since Jan. 1, security researchers have identified six vulnerabilities affecting hundreds of thousands of WordPress websites. Cybersecurity experts say that the ubiquity of the content management platform makes it a prime target for attackers, and they offer holistic security solutions.

Application Security

ISMG Editors: Will Ransomware Kill Cyber Insurance?

Anna Delaney • January 21, 2022

In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.

3rd Party Risk Management

From the Trenches: Remediating Widespread Apache Log4j Flaw

Mathew J. Schwartz • January 21, 2022

Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.

Blockchain & Cryptocurrency

Crypto.com Confirms Breach, Nearly $34 Million in Losses

Dan Gunderman , Devon Warren-Kachelein • January 21, 2022

Singaporean cryptocurrency exchange Crypto.com confirms that its platform fell victim to a multimillion-dollar cyberattack. In a postmortem entry on its site, Crypto.com says unauthorized withdrawals targeted Ethereum and Bitcoin of 483 users. Associated losses were near $34 million.

Application Security

Ukraine Cyber Attacks: A Case of Hacktivism?

Anna Delaney • January 21, 2022

The latest edition of the ISMG Security Report features an analysis of whether the cyberattacks that hit Ukraine's government agencies last week are attributable to any group or nation-state along with updates to the cybersecurity executive order and illicit cryptocurrency trends.

Endpoint Security

Israeli Officials Deny Claims of Improper Spyware Use

Dan Gunderman • January 20, 2022

New developments have emerged in the case of the Israel Police allegedly using the flagship spyware of NSO Group, Pegasus, on its own citizens, with reported targets including critics of former Prime Minister Benjamin Netanyahu, among others. Following a bombshell local report, high-ranking Israeli officials have...

3rd Party Risk Management

UK Issues Fresh Proposals to Tackle Cyberthreats

Prajeet Nair • January 20, 2022

The U.K. government is considering new measures to boost cybersecurity standards in the country. The proposed laws recommend levying large fines on essential digital service providers for noncompliance with strict cybersecurity rules, and improving incident reporting.

3rd Party Risk Management

HHS HC3: Healthcare Sector Remains at Risk for Log4j Attacks

Marianne Kolbasuk McGee • January 20, 2022

Although there have been no major compromises in the healthcare and public health sector to date involving Apache Log4j flaws, the sector remains highly vulnerable, federal regulators warn.