BlackMatter's dedicated data leak site (Source: Recorded Future)

BlackMatter Ransomware Appears to Be Spawn of DarkSide

Mathew J. Schwartz • August 2, 2021

The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."

3rd Party Risk Management

Alert for Ransomware Attack Victims: Here's How to Respond

Latest

COVID-19

Zoom Agrees to Settle Security Lawsuit for $85 Million

Scott Ferguson • August 2, 2021

Cloud video conferencing provider Zoom has agreed to settle a consolidated class action federal lawsuit for $85 million as well as reform its security and data privacy practices.

Fraud Management & Cybercrime

Ransomware Attackers Eying 'Pure Data-Leakage Model'

Mathew J. Schwartz • August 2, 2021

A funny thing happened on the way to the nonstop ransomware payday: Some groups hit the wrong targets - Ireland's health system, a major U.S. fuel pipeline - resulting in the U.S. moving to much more aggressively disrupt their business model, says Bob McArdle, director of cybercrime research at Trend Micro.

Cybercrime

FatalRAT Exploits Telegram to Deliver Malicious Links

Prajeet Nair • August 2, 2021

A remote access Trojan is being distributed via download links for software or media articles on Telegram channels, according to researchers at AT&T Alien Labs.

Account Takeover Fraud

Researchers Uncover New Android Banking Malware

Akshaya Asokan • July 31, 2021

A newly uncovered banking Trojan dubbed Vultur is targeting Android users through screen recording to capture the victims' banking credentials, a new report by security firm ThreatFabric says.

Artificial Intelligence & Machine Learning

NIST Works to Create AI Risk Management Framework

Dan Gunderman • July 31, 2021

Citing a need to secure artificial intelligence technologies, NIST is working to create risk management guidance around the use of AI and machine learning, the agency has announced. NIST is seeking feedback to address governance challenges.

Cyberwarfare / Nation-State Attacks

Researchers Find More Servers Tied to Russian-Linked Attacks

Scott Ferguson • July 30, 2021

Researchers at the security firm RiskIQ have uncovered about 35 active command-and-control servers connected with an ongoing malware campaign that has been linked to a Russian-speaking attack group known as APT29 or Cozy Bear.

Governance & Risk Management

Patching Woes: Most Frequently Exploited CVEs Listed

Dan Gunderman • July 30, 2021

A joint cybersecurity advisory issued by several agencies this week highlighting the ongoing exploits of longstanding software vulnerabilities illustrates the woeful state of patch management, security experts say.

Fraud Management & Cybercrime

ISMG Editors’ Panel: Ransomware Update

Anna Delaney • July 30, 2021

In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.

Critical Infrastructure Security

Wiper Malware Used in Attack Against Iran's Train System

Jeremy Kirk • July 30, 2021

Nearly three weeks ago, Iran's state railway company was hit with a cyberattack that was disruptive and - somewhat unusually - also playful. Security firm SentinelOne says analyzing the wiper malware involved offers tantalizing clues about the attackers' skills, but no clear attribution.

Governance & Risk Management

Flaw Found in Moodle Online Learning Platform

Akshaya Asokan • July 30, 2021

The bug hunting team at pentesting firm Haxolot.com uncovered a remote code execution vulnerability in Moodle, an open-source online learning platform widely used by universities worldwide. The flaw has since been patched.

Critical Infrastructure Security

Analysis: Keeping Track of Ransomware Gangs

Anna Delaney • July 30, 2021

The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools.

Critical Infrastructure Security

What Can Be Done to Enhance Electrical Grid Security?

Dan Gunderman • July 29, 2021

The lack of adequate security features in critical electric grid equipment that's made in other nations poses a serious U.S. cybersecurity threat, federal officials said this week. Supply chain attacks could take down the grid and result in a lengthy recovery period, they told Congress.