Latest

Governance & Risk Management

Ex-Cisco Engineer Sentenced to 2 Years in Prison for Hacking

Prajeet Nair  •  December 10, 2020

A former Cisco engineer has been sentenced to serve two years in federal prison after pleading guilty to charges that he hacked his former company, causing $1.4 million in damages.

Application Security

Black Hat Europe: Hackers Need to Educate Policymakers

Mathew J. Schwartz  •  December 9, 2020

Government leaders are increasingly calling on cybersecurity researchers to better inform policymakers and are urging businesses to pay more attention to their in-house security teams, according to presenters at this week's Black Hat Europe virtual conference.

Breach Notification

Fire in the Hole

Steve King  •  December 9, 2020

If FireEye - one of the top cybersecurity firms - can't protect itself, how can clients be sure anything from anyone will keep them safe? The myth of a "secured environment" has been revealed to be exactly that.

Cybercrime

Payment Card Skimming Group Deployed Raccoon Infostealer

Akshaya Asokan  •  December 8, 2020

A JavaScript card skimmer group dubbed "FakeSecurity" recently deployed the Raccoon information stealer malware in order to target e-commerce sites to steal payment card details from victims, according to security firm Group-IB.

Cyberwarfare / Nation-State Attacks

Second Federal Judge Blocks White House's TikTok Ban

Prajeet Nair  •  December 8, 2020

Another federal judge is blocking the Trump administration's attempt to ban the Chinese-made social media app TikTok from being used in the U.S. The White House claims that the data the app collects on American users poses a national security threat.

Endpoint Security

Millions of IoT Devices at Risk From TCP/IP Stack Flaws

Jeremy Kirk  •  December 8, 2020

A critical component within millions of consumer and enterprise IoT devices has dangerous software flaws. New research from Forescout Technologies into open-source TCP-IP stacks shows millions of devices from 150 vendors are likely vulnerable.

Breach Notification

Ransomware: Call Centers Cold-Call Victims to Demand Ransom

Mathew J. Schwartz  •  December 7, 2020

Ransomware innovation seems to know no bounds, as crime gangs seek new ways to make crypto-locking malware ever more profitable. Beyond data-leak sites and affiliate programs, gangs have also been using call centers to cold-call victims, tell them they've been hit by ransomware and request payment.

Cybercrime

Egregor Ransomware Slams HR Firm and Transport Agency

Prajeet Nair  •  December 7, 2020

Dutch HR firm Randstad and the public transportation agency of Vancouver, Canada, are continuing to recover from ransomware attacks. Both incidents appear to have involved Egregor ransomware, with Randstad reporting that data was exfiltrated and is now being leaked by attackers to try and force payment.

Critical Infrastructure Security

US Senators Warn of National Security Threats From China

Akshaya Asokan  •  December 5, 2020

The top Republican and Democrat on the U.S. Senate Intelligence Committee have issued a warning about the national security threats posed by the Chinese government. The statement follows an opinion article published by DNI Director John Ratcliffe that called out China's cyber and other capabilities.

Cybercrime

Data Exfiltrated From Alaskan Voter Registration Servers

Doug Olenick  •  December 4, 2020

Hackers exfiltrated voters' personally identifiable information from online voter registration servers in Alaska in September, and the information likely was used for voter intimidation and propaganda purposes, state officials say.

Fraud Management & Cybercrime

Defense Bill Would Restore White House Cybersecurity Post

Akshaya Asokan  •  December 4, 2020

A defense policy bill that Congress plans to vote on later this month now includes a provision that would restore the position of national cyber director at the White House, says Rep. Jim Langevin, D-R.I.

Cybercrime

Hacking Group Used Crypto Miners as Distraction Technique

Prajeet Nair  •  December 4, 2020

A hacking group recently deployed cryptocurrency miners within targeted victims' networks to distract security teams from their cyberespionage campaigns, Microsoft reports.