Latest

►

Business Continuity Management / Disaster Recovery

CISO Conversations: Healthcare's Unique Opportunity

Tom Field  •  April 3, 2020

Healthcare professionals are on the front line in the war against COVID-19, and their cybersecurity leaders bear unique pressure to support and secure their efforts. But amidst this crisis, Anahi Santiago, CISO of ChristianaCare Health System, also sees tremendous strides in telehealth delivery.

Cybercrime

Magecart Group Hits Small Businesses With Updated Skimmer

Ishita Chigilli Palli  •  April 3, 2020

A Magecart group has been using a new skimmer technique to target the online checkout sites of smaller businesses in order to steal credit card data, according to RiskIQ researchers, who have spotted 19 of these malicious JavaScript attacks so far.

Cybercrime

Botnet Targets Devices Running Microsoft SQL Server: Report

Apurva Venkat  •  April 3, 2020

Researchers at security firm Guardicore Labs are tracking a botnet they call Vollgar that's targeting devices running vulnerable Microsoft SQL Server databases with brute-force attacks and planting cryptominers in the infected databases.

Anti-Phishing, DMARC

Analysis: The Path Back to Business as Usual After COVID-19

Nick Holland  •  April 3, 2020

The latest edition of the ISMG Security Report offers an analysis of the phases businesses will go through in the recovery from the COVID-19 pandemic, plus an assessment of new risks resulting from the work-at-home shift and lessons learned from the Equifax breach.

COVID-19

Zoom Rushes Patches for Zero-Day Vulnerabilities

Apurva Venkat  •  April 2, 2020

The day after security researcher Patrick Wardle disclosed two zero-day vulnerabilities in the macOS client version of Zoom's teleconferencing platform, the company on Thursday rushed out patches for these flaws and one other.

Endpoint Security

Australian Kids' Smartwatch Maker Hit By Same Bug Again

Jeremy Kirk  •  April 2, 2020

An Australian company that sells a GPS tracking smartwatch for kids accidently exposed personal data a second time. But this time around, it has not notified users about the bug, which also could have been used to spoof the location of children.

►

COVID-19

A CISO Conversation: Managing the Remote Workforce

Tom Field  •  April 1, 2020

As CISO of SoftBank Investment Advisers, Gary Hayslip is dealing with a familiar crisis management challenge: Supporting a remote workforce, with extra emphasis on secure identities. But he's also keeping a close eye on his team and the risks of burnout.

COVID-19

Zoom Contacts Feature Leaks Email Addresses, Photos

Jeremy Kirk  •  April 1, 2020

Popular teleconferencing software Zoom is continuing to fall under scrutiny as questions are raised over its privacy and security practices. The latest issue: a feature that inadvertently reveals strangers' email addresses and profile photos.

Endpoint Security

Alerts: Security Flaw in Medication, Anesthesia Systems

Marianne Kolbasuk McGee  •  April 1, 2020

A vulnerability in medication dispensing equipment and an anesthesia system from Becton Dickinson could enable an attacker to access and modify sensitive data, according to alerts issued Tuesday. Medical device security challenges are potentially heightened during the COVID-19 pandemic, experts say.

Account Takeover

FBI Alleges Russian Man Laundered Cybercriminals' Money

Ishita Chigilli Palli  •  April 1, 2020

The FBI has arrested a Russian national for allegedly helping an international cybercriminal gang launder its money by turning cash into bitcoin and other cryptocurrencies, according to court documents.

Business Email Compromise (BEC)

Nigerian BEC Scammers Increase Proficiency: Report

Akshaya Asokan  •  April 1, 2020

Nigerian cybercriminal gangs have become even more proficient in waging business email compromise attacks, according to an analysis from Palo Alto Network's Unit 42 that describes recent trends.

COVID-19

Election Campaign Security Revisited

Tom Field  •  April 1, 2020

With the U.S. presidential election now seven months away, how have threats to the campaigns evolved, and what impact might be seen from COVID-19? Brigadier General (retired) Francis X. Taylor, a leader of the U.S. CyberDome election security effort, shares an update.