Example of a malicious message, written in German, that contains a malicious attachment sent through a collaboration platform channel (Source: Cisco Talos)

Fraudsters Flooding Collaboration Tools With Malware

Prajeet Nair • April 9, 2021

The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.

Governance & Risk Management

North Korean Group Targets Security Researchers - Again

Latest

3rd Party Risk Management

Biden Seeks to Boost CISA's Budget by $110 Million

Akshaya Asokan • April 11, 2021

President Joe Biden is asking Congress to boost CISA's budget by $110 million in 2021 to allow the agency to address a range of cybersecurity issues following several high-profile incidents that have happened in the past six months.

Account Takeover Fraud

Visa Describes New Skimming Attack Tactics

Doug Olenick • April 9, 2021

Visa's Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over a retailers' servers during payment card skimming attacks.

Cyberwarfare / Nation-State Attacks

US Blacklists 7 Chinese Supercomputer Entities

Scott Ferguson • April 9, 2021

Citing national security concerns, the U.S. Commerce Department has placed seven Chinese supercomputer organizations on the Entity List, which effectively bars them from receiving supplies or components from U.S. companies.

Endpoint Security

Weekly Roundup: Biden’s Cybersecurity Proposals and More

Anna Delaney • April 9, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including President Biden’s latest cybersecurity proposals and large vendor-related breaches in healthcare.

Cyberwarfare / Nation-State Attacks

Lazarus Group Targets Freight Logistics Firm

Akshaya Asokan • April 9, 2021

The Lazarus Group, a North Korean-linked APT group, has recently deployed a previously undocumented backdoor called "Vyveva" to target a freight logistics company in South Africa, according to ESET.

Endpoint Security

FDA's Kevin Fu on Threat Modeling for Medical Devices

Marianne Kolbasuk McGee • April 9, 2021

More precise and pervasive cybersecurity threat modeling during manufacturers' development of medical devices - and also during the regulatory product review process - is critical for risk mitigation, says Kevin Fu, new acting director of medical device cybersecurity at the FDA.

Cybercrime

Crisis Communications: How to Handle Breach Response

Anna Delaney • April 9, 2021

The latest edition of the ISMG Security Report features an analysis of why transparent communication in the aftermath of a data breach pays off. Also featured: Mastercard on digital identity issues; building a more diverse and inclusive cybersecurity workforce.

Cryptocurrency Fraud

600,000 Payment Cards Stolen From Swarmshop Darknet Market

Doug Olenick • April 8, 2021

For the second time in two years, the contents of the darknet payment card marketplace Swarmshop have been removed and posted to a competing underground forum, Group-IB reports. The content includes data on more than 600,000 payment cards as well as administrator, seller and buyer information.

Cybercrime

Krebs: States Need a Cyber Funding Boost

Scott Ferguson • April 8, 2021

The federal government should provide more funding to state and local agencies for IT projects that could enhance cybersecurity and help mitigate the risk of ransomware attacks, says Christopher Krebs, the former director of CISA.

Cybercrime

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Doug Olenick • April 8, 2021

Researchers at the security firm Intel 471 report cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated, hard-to-discover, malicious documents that can be deployed in phishing attacks.

Business Continuity Management / Disaster Recovery

Ransomware Gang Exploits Old Fortinet VPN Flaw

Akshaya Asokan • April 8, 2021

The gang behind ransomware dubbed "Cring," which has waged a series of attacks this year, is exploiting a Fortinet VPN server vulnerability that the company patched in 2019, according to a report from the security firm Kaspersky that analyzes one attack in Europe.

Governance & Risk Management

Rockwell Automation Fixes 9 Flaws in FactoryTalk AssetCentre

Prajeet Nair • April 8, 2021

Researchers have uncovered nine critical vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre product, which, if exploited, potentially could enable attackers to control an OT network. An updated version of the product mitigates the flaws.