Latest

Card Not Present Fraud

Ukrainian Cops Bust Phishing Group That Stole $4.3 Million

Mihir Bagwe  •  March 31, 2023

The Ukrainian law enforcement busted a transnational group of scammers that used more than a hundred phishing websites to defraud Europeans. Scammers embezzled nearly $4.4 million by fooling more than a thousand victims to hand over payment card details, say police.

API Security

Evolving AlienFox Malware Steals Cloud Services Credentials

Prajeet Nair  •  March 31, 2023

Hackers have used a modular toolkit called "AlienFox'" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.

Finance & Banking

SEC Eyes Final Rules on Incident Disclosure, Board Expertise

Michael Novinson  •  March 31, 2023

Rules coming in April could require publicly traded companies to disclose a breach within four days of deeming it material as well as board member cybersecurity expertise. The SEC in March 2022 proposed a mandate that companies disclose "material" incidents within four business days of discovery.

3rd Party Risk Management

3 More Healthcare Entities Report Website Tracking Breaches

Marianne Kolbasuk McGee  •  March 31, 2023

Three more healthcare organizations have joined the growing list of entities reporting large data breaches to federal regulators involving the previous use of tracking codes on their websites.

Endpoint Security

Spyware Campaigns Exploited Zero-Day iOS and Android Flaws

Jayant Chakravarti  •  March 30, 2023

Google says it spotted two "highly targeted" advanced spyware campaigns using zero-days in the Android and iOS operating systems and vulnerabilities in the Samsung Internet Browser. The U.S. Cybersecurity and Infrastructure Security Agency ordered agencies to patch many of the vulnerabilities.

Blockchain & Cryptocurrency

Cryptohack Roundup: Euler Finance, SafeMoon, BitKeep

Rashmi Ramesh  •  March 30, 2023

Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In focus between March 24 and 30: SafeMoon, an update on Euler Finance, crypto-stealing Clipper malware, BitKeep, theft fail at Swerve Finance, THORChain, APT43 and an update on ParaSpace.

Finance & Banking

Court Won't Certify Class Action Lawsuit in CareFirst Hack

Marianne Kolbasuk McGee  •  March 30, 2023

A U.S. federal court ruling this week is the latest setback for plaintiffs in an 8-year-old proposed class action litigation against health insurer CareFirst BlueCross BlueShield in the aftermath of a 2014 cyberattack that affected more than 1.1 million individuals.

Cyberwarfare / Nation-State Attacks

3CX Desktop Client Under Supply Chain Attack

Prajeet Nair  •  March 30, 2023

Suspected North Korean hackers trojanized installers of a voice and video calling desktop client made by 3CX and used by major multinational companies. The vulnerability traces to a poisoned Electron software library file, an open-source framework for user interfaces.

Cyberwarfare / Nation-State Attacks

Leaks Reveal Moscow Source for Hacking, Disinformation Tools

Mathew J. Schwartz  •  March 30, 2023

Leaked documents from a Moscow IT consultancy reveal how the Russian government has commissioned tools for its military and intelligence agencies for conducting cyber operations, information warfare, and controlling the internet, as well as training critical infrastructure hackers.

Fraud Management & Cybercrime

Breach Roundup: Lumen, QNAP, NCB and Toyota Italy

Mihir Bagwe  •  March 30, 2023

In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.

►

Fraud Management & Cybercrime

Will Customer Refunds for Scams Trigger First-Party Fraud?

Suparna Goswami  •  March 30, 2023

The U.S. Consumer Financial Protection Bureau is mulling over whether to reimburse consumers for online scams and fraud, but this regulatory change could lead to an increase in first-party fraud, cautioned Karen Boyer, senior vice president of financial crimes at M&T Bank.

Artificial Intelligence & Machine Learning

Tech Luminaries Call for Pause in AI Development

Anviksha More  •  March 29, 2023

A slew of top tech executives and artificial intelligence researchers called for a minimum half-year pause on advanced artificial intelligence systems. Tech giants already have fallen into a race to see who can be the quickest to incorporate AI into their products.