US Pulls Back Curtain on Russian Cyber Operations

Scott Ferguson • April 16, 2021

While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S. agencies used the sanctions announcement as an opportunity to pull back the curtain on the tactics of Russia's Foreign Intelligence Service.

Breach Notification

600,000 Payment Cards Stolen From Swarmshop Darknet Market

Latest

Biometrics

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Tom Field • April 16, 2021

No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play Buzzword Mystery Date with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?

Breach Notification

ISMG Editors’ Panel: The Facebook Breach and More

Anna Delaney • April 16, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.

3rd Party Risk Management

Attack on Codecov Affects Customers

Doug Olenick • April 16, 2021

Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information.

3rd Party Risk Management

Does FBI Exchange Remediation Action Set a Precedent?

Anna Delaney • April 16, 2021

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.

Cryptocurrency Fraud

Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

Mathew J. Schwartz • April 15, 2021

Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk • April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

3rd Party Risk Management

Senators Push for Changes in Wake of SolarWinds Attack

Scott Ferguson • April 14, 2021

The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.

Endpoint Security

State of the Marketplace: A Conversation With Dave DeWalt

Tom Field • April 14, 2021

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

Business Email Compromise (BEC)

How Fraudsters Nearly Stole $17.5 Million via PPE Fraud

Mathew J. Schwartz • April 14, 2021

Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.

Application Security

Microsoft Patches 4 Additional Exchange Flaws

Doug Olenick • April 13, 2021

Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.

Cyberwarfare / Nation-State Attacks

Former DHS Leader Shares Details on SolarWinds Attack

Scott Ferguson • April 13, 2021

Chad Wolf, the former acting secretary for the Department of Homeland Security, has confirmed the accuracy of an earlier news report saying that the SolarWinds supply chain attackers gained access to his unclassified DHS email accounts, which included calendar details.

Cyberwarfare / Nation-State Attacks

Intelligence Report: 4 Nations Pose Serious Cyberthreat to US

Scott Ferguson • April 13, 2021

China, Russia, North Korea and Iran continue to pose significant cybersecurity threats to the U.S. because each is capable of launching disruptive attacks, according to a report published Tuesday by the Office of the Director of National Intelligence.