Empire darknet market vendor announces move to the Wickr encrypted app, in a post to Dread, a Reddit-like forum for dark web discussions (Source: Digital Shadows)

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Mathew J. Schwartz • September 25, 2020

With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.

Governance & Risk Management

Payment Card Skimming Hits 2,000 E-Commerce Sites

Latest

Forensics

Warning: Attackers Exploiting Windows Server Vulnerability

Akshaya Asokan • September 25, 2020

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Cyberwarfare / Nation-State Attacks

Facebook Removes More Accounts Linked to Russia

Chinmay Rautmare • September 25, 2020

Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure.

Critical Infrastructure Security

Calls Grow to Restore White House Cybersecurity Leader Role

Prajeet Nair • September 25, 2020

The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish a White House cybersecurity coordinator role. The position would coordinate the government's response to online attacks and other cybersecurity challenges facing the nation.

Breach Notification

Analysis: Are Darknet Markets Here to Stay?

Anna Delaney • September 25, 2020

The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress.

Fraud Management & Cybercrime

How a Phishing Awareness Test Went Very Wrong

Jeremy Kirk • September 25, 2020

Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships.

Governance & Risk Management

Lessons to Learn From Shopify Data Breach

Doug Olenick • September 24, 2020

Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say.

Account Takeover Fraud

Police Crack SMS Phishing Operation

Jeremy Kirk • September 24, 2020

Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages.

Card Not Present Fraud

Battling Payment Card Fraud in the COVID-19 Era

Prajeet Nair • September 24, 2020

The shift to online shopping - and card-not-present transactions - during the COVID-19 pandemic has driven fraudsters to shift their strategies, including ramping up efforts to open fraudulent accounts, says Gord Jamieson of Visa, who offers advice on mitigating the risks.

Cloud Access Security Brokers (CASB)

Drop Everything and Secure Remote Workforce, Gartner Warns

Mathew J. Schwartz • September 24, 2020

Revisiting remote workforce security defenses, simplifying cloud access controls and pursuing risk-based vulnerability management and passwordless authentication are among the 10 security projects that all organizations should consider for this year and next, according to advisory firm Gartner.

COVID-19

FBI, CISA Warn of Election Results Disinformation Campaigns

Prajeet Nair • September 23, 2020

With less than 45 days to go before the November election, the FBI and CISA have issued a warning that nation-state hackers and cybercriminals may attempt to spread disinformation regarding the final vote tallies as a way to undermine confidence in the voting process.

COVID-19

COVID-19 Update: 'Live Like You're Contagious'

Tom Field • September 23, 2020

With colder weather, the flu season and the holidays ahead, the northern hemisphere is at risk of another major COVID-19 outbreak. Pandemic expert Regina Phelps says it's time to change behavior, and that starts here: "Live like you're contagious."

Cybercrime

Attacks Using Lokibot Information Stealer Surge

Akshaya Asokan • September 23, 2020

The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials. Fraudsters are using new methods to spread the malware.