The relative impact of Trickbot and Emotet malware variants that use a COVID-19 lure (Source: Microsoft)

UK and US Security Agencies Sound COVID-19 Threat Alert

Mathew J. Schwartz • April 9, 2020

Cybercrime groups and nation-state hacking gangs are continuing to exploit the COVID-19 pandemic to further their aims, U.K. and U.S. security agencies warn in a joint alert. While overall attack levels haven't increased, they say, "the frequency and severity of COVID-19-related cyberattacks" looks set to surge.

►

COVID-19

Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?

Latest

Fraud Management & Cybercrime

Faces of Fraud 2020: COVID-19's Impact

Tom Field • April 9, 2020

The cyberthreat and fraud landscape is ever-changing, and attackers are upping the game with more advanced attacks. The COVID-19 pandemic has accelerated socially engineered schemes, such as phishing and virus-related scams. CISO Stephen Fridakis and consultant Rocco Grillo discuss how to ramp up defenses.

Cybercrime

Latest Botnet Offers DDoS Attacks on Demand

Akshaya Asokan • April 9, 2020

The operator of a newly discovered botnet dubbed "Dark Nexus" is offering cybercriminals access to an array of capabilities, include the ability to launch DDoS attacks on demand, according researchers at Bitdefender.

Governance & Risk Management

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Mathew J. Schwartz • April 8, 2020

Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.

Cybercrime

Hackers Have Targeted Linux Servers for Years: Report

Ishita Chigilli Palli • April 8, 2020

For nearly a decade, five hacking groups with apparent links to the Chinese government have targeted vulnerable Linux servers that make up the backend IT infrastructure of thousands of companies and organizations around the world, according to a research report from BlackBerry.

Business Continuity Management / Disaster Recovery

No COVID-19 Respite: Ransomware Keeps Pummeling Healthcare

Mathew J. Schwartz • April 7, 2020

As the COVID-19 outbreak has intensified, so too has cybercrime, including ransomware, Interpol, the international crime-fighting agency, warns. Despite some gangs claiming to no longer be targeting healthcare organizations, experts have seen "no abatement, empathy or free decryptor" from any of them.

Application Security

Researchers Propose COVID-19 Tracking App

Ishita Chigilli Palli • April 7, 2020

Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.

Cybercrime

Mitigating the Risks Posed by AI Meeting Assistants

Suparna Goswami • April 7, 2020

AI meeting assistants present increasing risks as more companies rely on teleconferencing during the COVID-19 pandemic, says U.K.-based Steve Marshall, CISO at Bytes Technology, an IT and cybersecurity consultancy, who discusses risk mitigation steps.

3rd Party Risk Management

Third-Party Risk Management: How to Grow a Mature Program

Information Security Media Group • April 7, 2020

Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.

Endpoint Security

Researcher Finds Flaws in HP's Software Assistant Tool

Jeremy Kirk • April 6, 2020

A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.

Fraud Management & Cybercrime

Update: E-Commerce Fraud Trends

Nick Holland • April 6, 2020

E-commerce fraud schemes continue to grow and evolve, says Angie White of TransUnion, who discusses the results of new research on the subject.

Big Data Security Analytics

Achieving True Predictive Security Analytics

Varun Haran • April 6, 2020

True predictive analysis is difficult - and it sometimes takes years of learning and data modeling to get it right, says Derek Manky, chief of security insights and global threat alliances at Fortiguard Labs.

Endpoint Security

NIST Specialist Offers Telework Security Insights

Scott Ferguson • April 6, 2020

With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says NIST's Jeff Greene, who offers risk mitigation advice.