NIST Unveils Updated Guide to Privacy, Security Controls

Akshaya Asokan • September 24, 2020

The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.

►

Cloud Security

IRS Seeks Fresh Ways to Trace Cryptocurrency Transactions

Latest

Governance & Risk Management

Lessons to Learn From Shopify Data Breach

Doug Olenick • September 24, 2020

Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say.

Account Takeover Fraud

Police Crack SMS Phishing Operation

Jeremy Kirk • September 24, 2020

Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages.

Card Not Present Fraud

Battling Payment Card Fraud in the COVID-19 Era

Prajeet Nair • September 24, 2020

The shift to online shopping - and card-not-present transactions - during the COVID-19 pandemic has driven fraudsters to shift their strategies, including ramping up efforts to open fraudulent accounts, says Gord Jamieson of Visa, who offers advice on mitigating the risks.

Cloud Access Security Brokers (CASB)

Drop Everything and Secure Remote Workforce, Gartner Warns

Mathew J. Schwartz • September 24, 2020

Revisiting remote workforce security defenses, simplifying cloud access controls and pursuing risk-based vulnerability management and passwordless authentication are among the 10 security projects that all organizations should consider for this year and next, according to advisory firm Gartner.

COVID-19

FBI, CISA Warn of Election Results Disinformation Campaigns

Prajeet Nair • September 23, 2020

With less than 45 days to go before the November election, the FBI and CISA have issued a warning that nation-state hackers and cybercriminals may attempt to spread disinformation regarding the final vote tallies as a way to undermine confidence in the voting process.

COVID-19

COVID-19 Update: 'Live Like You're Contagious'

Tom Field • September 23, 2020

With colder weather, the flu season and the holidays ahead, the northern hemisphere is at risk of another major COVID-19 outbreak. Pandemic expert Regina Phelps says it's time to change behavior, and that starts here: "Live like you're contagious."

Cybercrime

Attacks Using Lokibot Information Stealer Surge

Akshaya Asokan • September 23, 2020

The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials. Fraudsters are using new methods to spread the malware.

Anti-Phishing, DMARC

Ransomware Danger: Russian-Speaking Gang Targets Russians

Mathew J. Schwartz • September 23, 2020

Russian criminals operating online who want to stay out of jail need only to follow a few simple rules, the primary one being: Never target Russians. So it's surprising that security researchers have uncovered a new ransomware-wielding gang of Russian speakers that includes Russian victims on its hit list.

Cryptocurrency Fraud

179 Arrested in Darknet Market Crackdown

Doug Olenick • September 22, 2020

An international coalition of police agencies made 179 arrests and seized virtual currency, cash and drugs based on intelligence gathered from earlier takedowns of the Wall Street and Alphabay darknet marketplaces.

Business Continuity Management / Disaster Recovery

Cybersecurity Leadership: Risk Exposure Awareness

Tom Field • September 22, 2020

It might be new, but are we ready to call this "normal?" In this latest in a series of CEO/CISO panels, cybersecurity leaders talk frankly about the new risk surface and the role emerging technologies play in helping us keep pace with our adversaries.

Application Security

CISA Pushes Government Agencies to Patch 'Zerologon' Flaw

Jeremy Kirk • September 22, 2020

U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.

Cyberwarfare / Nation-State Attacks

Will US Indictments of Iranian Hackers Be a Deterrent?

Akshaya Asokan • September 22, 2020

Will recent U.S. indictments of several alleged Iranian hackers - as well as government sanctions against an APT group - have a deterrent effect? Security experts share their opinions on the impact of these actions.