Ransom note dropped by Phobos crypto-locking ransomware (Source: Coveware)

Ransomware Attacks: STOP, Dharma, Phobos Dominate

Mathew J. Schwartz • October 16, 2019

Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma .cezar, Phobos, GlobeImposter 2.0 and Sodinokibi. Less widely seen Ryuk also continues to generate big profits.

Cybercrime

How Cybercriminals Continue to Innovate

Latest

Blockchain & Cryptocurrency

'Graboid' Cryptojacking Worm Spreads Through Containers

Jeffrey Burt • October 16, 2019

Attackers are using Docker containers to spread a cryptojacking worm in a campaign dubbed "Graboid," according to researchers at Palo Alto Network's Unit 42 threat research unit. Although the researchers describe the campaign as "relatively inept," they says it has the potential to become much more dangerous.

Blockchain & Cryptocurrency

Phony Company Used to Plant macOS Malware: Report

Apurva Venkat • October 16, 2019

Security researchers have found that a hacking group, which may have North Korean ties, recently created a phony company offering a cryptocurrency exchange platform as a step toward planting malware on the macOS devices of employees of cryptocurrency exchanges.

CISO Trainings

The Ultimate Missing Link in Cyber: Continuous Compromise Assessment

Information Security Media Group • October 16, 2019

According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization...

Endpoint Security

IoT in Vehicles: The Trouble With Too Much Code

Jeremy Kirk • October 16, 2019

The threat and risk surface of internet of things devices deployed in automobiles is exponentially increasing, which poses risks for the coming wave of autonomous vehicles, says Campbell Murray of Blackberry. Large code bases, which likely have many hidden software bugs, are part of the problem, he says.

Blockchain & Cryptocurrency

Libra Association Launched Amidst Defections, Congressional Scrutiny

Akshaya Asokan • October 15, 2019

The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.

Cybercrime

FIN7 Gang Returns With New Malicious Tools: Researchers

Apurva Venkat • October 15, 2019

Despite a crackdown on some of its members in 2018, the FIN7 gang has returned with new malicious tools, including a revamped dropper and payload, according to analysts at FireEye. The hacking group is known for targeting point-of-sale machines and IT networks at a wide variety of businesses.

Legislation & Litigation

How Has FTC Data Security Enforcement Changed?

Marianne Kolbasuk McGee • October 15, 2019

In the wake of a federal appeals court ruling last year vacating a Federal Trade Commission enforcement action against LabMD, the FTC's data security consent orders are becoming far more detailed and rigorous, says former FTC attorney Julie O'Neill.

Cybercrime

Stung by Takedowns, Criminals Tap Distributed Dark Markets

Mathew J. Schwartz • October 15, 2019

Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.

3rd Party Risk Management

Analysis: New ISO Privacy Standard

Suparna Goswami • October 15, 2019

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.

Governance

CCPA Amendments Signed; Draft Regulations Released

Scott Ferguson • October 14, 2019

Gov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.

Breach Notification

Hepatitis Patients' Data Exposed

Marianne Kolbasuk McGee • October 14, 2019

The Philadelphia Department of Public Health inadvertently exposed on its website the records of thousands of hepatitis patients, according to a local news report. The incident points to the need for better staff training, one expert says.

Cyberwarfare / Nation-State Attacks

Nation-State Hackers Greatest Threat to 5G Networks: Report

Apurva Venkat • October 11, 2019

Nation-state attackers from outside the European Union pose the greatest threat to the continent's upcoming 5G networks, according to a new security assessment, which sidesteps the issue of Chinese firm Huawei's role in building these networks.