A suspected member of the REvil/Sodinokibi operation who was detained earlier this month in Russia (Source: FSB)

Ransomware Trends: Volume of Known Victims Remains Steady

Mathew J. Schwartz • January 26, 2022

Despite Western governments' increased focus on disrupting ransomware, the quantity of new victims doesn't appear to have declined, at least so far. But multiple experts say that nation-state efforts to combat cybercrime syndicates are still picking up speed and may well yet have an impact.

3rd Party Risk Management

Biden Memo Orders Cybersecurity Improvements

Latest

Business Continuity Management / Disaster Recovery

US, NATO Discuss Ukrainian Cyber Aid Amid Tensions

Dan Gunderman • January 25, 2022

As tensions continue to flare between Ukraine and Russia, which has amassed at least 100,000 troops along Ukraine's eastern border, the U.S. continues to mull intervention, a part of which includes bolstering Ukraine's cyber defenses. This comes as experts warn that cyberwarfare could play an increasingly significant...

3rd Party Risk Management

Log4j Updates: Flaw Challenges Global Security Leaders

Devon Warren-Kachelein • January 25, 2022

The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.

Cybercrime

How Do You Detect - and Stop - Bank Identity Number Attacks?

Suparna Goswami • January 25, 2022

How do you identify a BIN - Bank Identity Number - attack, let alone stop it? Ernie Moran, senior vice president of risk at Brightwell Payments, shares his experience of how he managed a BIN attack on his firm.

Business Continuity Management / Disaster Recovery

Brand Narratives and Awareness in Cybersecurity

Steve King • January 25, 2022

Kyle Flaherty has worked with a range of companies, changing the worlds of big data, IoT, BYOD, SaaS, open-source software, network security, fraud detection, data analytics, marketing automation and network management. He weighs in on brands and how metrics feed different audiences.

Application Security

FBI Warns of Cybercriminals Using QR Codes to Steal Funds

Mihir Bagwe • January 24, 2022

The U.S. Federal Bureau of Investigation has issued a warning to consumers about cybercriminals targeting people through maliciously crafted quick response - or QR - codes that direct them to links where their credentials and financial information are siphoned off.

3rd Party Risk Management

Microsoft Finds SolarWinds Vulnerability Amid Log4j Search

Dan Gunderman • January 24, 2022

Microsoft researchers tracking Apache Log4j exploits last week discovered a previously undisclosed vulnerability in SolarWinds' Serv-U software. SolarWinds subsequently responded, investigated and fixed the flaw. Some observers described the new vulnerability as "surprising" and "disturbing."

Application Security

Twitter: Head of Security Reportedly Fired; CISO to Leave

Prajeet Nair • January 22, 2022

Twitter has said it is firing Peiter "Mudge" Zatko, the network security expert it hired in November 2020 as head of security. The security team changes - the CISO is also set to depart - follow "an assessment of how the organization was being led," according to a corporate memo shared with The New York Times.

3rd Party Risk Management

New FS-ISAC Program Boosts Supply Chain Security Dialogue

Devon Warren-Kachelein • January 21, 2022

FS-ISAC is piloting a new program called the Critical Providers Program that is aimed to heighten the conversation between leaders of security firms and their third-party partners. The program leverages the Connect platform, and Akamai Technologies plays a key role.

Application Security

ISMG Editors: Will Ransomware Kill Cyber Insurance?

Anna Delaney • January 21, 2022

In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.

3rd Party Risk Management

From the Trenches: Remediating Widespread Apache Log4j Flaw

Mathew J. Schwartz • January 21, 2022

Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.

Blockchain & Cryptocurrency

Crypto.com Confirms Breach, Nearly $34 Million in Losses

Dan Gunderman , Devon Warren-Kachelein • January 21, 2022

Singaporean cryptocurrency exchange Crypto.com confirms that its platform fell victim to a multimillion-dollar cyberattack. In a postmortem entry on its site, Crypto.com says unauthorized withdrawals targeted Ethereum and Bitcoin of 483 users. Associated losses were near $34 million.

Application Security

Ukraine Cyber Attacks: A Case of Hacktivism?

Anna Delaney • January 21, 2022

The latest edition of the ISMG Security Report features an analysis of whether the cyberattacks that hit Ukraine's government agencies last week are attributable to any group or nation-state along with updates to the cybersecurity executive order and illicit cryptocurrency trends.