Defining Synthetic ID Fraud: How It Helps With Mitigation

Suparna Goswami • April 14, 2021

Now that the Federal Reserve has issued a definition for synthetic ID fraud, fraud-fighting efforts likely will improve because it will be easier to identify red flags, some security experts say.

►

3rd Party Risk Management

Capital One Warns of More Data Leaked in 2019 Breach

Latest

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk • April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Endpoint Security

State of the Marketplace: A Conversation With Dave DeWalt

Tom Field • April 14, 2021

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

Business Email Compromise (BEC)

How Fraudsters Nearly Stole $17.5 Million via PPE Fraud

Mathew J. Schwartz • April 14, 2021

Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.

Application Security

Microsoft Patches 4 Additional Exchange Flaws

Doug Olenick • April 13, 2021

Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.

Cyberwarfare / Nation-State Attacks

Former DHS Leader Shares Details on SolarWinds Attack

Scott Ferguson • April 13, 2021

Chad Wolf, the former acting secretary for the Department of Homeland Security, has confirmed the accuracy of an earlier news report saying that the SolarWinds supply chain attackers gained access to his unclassified DHS email accounts, which included calendar details.

Cyberwarfare / Nation-State Attacks

Intelligence Report: 4 Nations Pose Serious Cyberthreat to US

Scott Ferguson • April 13, 2021

China, Russia, North Korea and Iran continue to pose significant cybersecurity threats to the U.S. because each is capable of launching disruptive attacks, according to a report published Tuesday by the Office of the Director of National Intelligence.

Cybercrime

Initial Access Brokers: Credential Glut Weakening Prices?

Mathew J. Schwartz • April 13, 2021

Initial access brokers continue to ply their trade, selling immediate access to hacked sites to make it easier for gangs to steal data and crypto-lock systems. But researchers say an overabundant supply of access credentials appears to be driving down the prices being commanded on cybercrime forums and markets.

DDoS Protection

Millions of Devices Potentially Vulnerable to DNS Flaws

Doug Olenick • April 13, 2021

Forescout Research Labs and the Israeli security firm JSOF have found nine Domain Name System vulnerabilities affecting four TCP/IP stacks that, if exploited, could lead to remote code execution or denial-of-service attacks - potentially on millions of devices.

Anti-Phishing, DMARC

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Jeremy Kirk , Mathew J. Schwartz • April 13, 2021

Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.

Cybercrime

Texas Man Charged With Planning to Bomb AWS Data Center

Scott Ferguson • April 12, 2021

A Texas man is facing a federal charge after he allegedly tried to buy explosives from an undercover FBI agent to bomb an AWS data center in Virginia, according to the Justice Department. The suspect believed the bombing could interrupt 70% of internet traffic, prosecutors say.

Artificial Intelligence & Machine Learning

Microsoft to Buy Nuance Communications for $19.7 Billion

Marianne Kolbasuk McGee • April 12, 2021

Microsoft Corp. on Monday announced it will acquire cloud-based speech technology and artificial intelligence vendor Nuance Communications in an all-cash transaction valued at $19.7 billion. The deal is expected to close by the end of this year.

Governance & Risk Management