Latest

►

Fraud Management & Cybercrime

Assessing the SolarWinds Hack's Impact on Fraud

Suparna Goswami  •  January 25, 2021

What impact could the SolarWinds supply chain hack have on fraud trends? Al Pascual of Breach Clarity offers an analysis.

DDoS Protection

DDoS Attackers Exploit Vulnerable Microsoft RDP Servers

Prajeet Nair  •  January 25, 2021

Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify DDoS attacks, according to a report from Netscout, which offers mitigation advice.

Cryptocurrency Fraud

Russian Pleads Guilty to Running Cybercrime Forum

Prajeet Nair  •  January 25, 2021

A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge.

Application Security

SonicWall Investigating Zero-Day Attacks Against Its Products

Scott Ferguson  •  January 24, 2021

Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.

Business Email Compromise (BEC)

Fraudsters Are Using Google Forms to Evade Email Filters

Prajeet Nair  •  January 23, 2021

Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.

►

3rd Party Risk Management

How to Manage Software Supply Chain Risks

Jeremy Kirk  •  January 22, 2021

The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.

Cryptocurrency Fraud

DreamBus Botnet Targets Linux Systems

Prajeet Nair  •  January 22, 2021

Zscaler's ThreatLabz research team is tracking a new botnet dubbed DreamBus that's installing the XMRig cryptominer on powerful, enterprise-class Linux and Unix systems with the goal of using their computing power to mine monero.

3rd Party Risk Management

Analysis: How Will Biden Address Cybersecurity Challenges?

Anna Delaney  •  January 22, 2021

The latest edition of the ISMG Security Report features an analysis of the cybersecurity challenges the Biden administration must address. Also featured: payments security advice from Verizon; the outlook for the lifting of restrictions tied to the COVID-19 pandemic.

Cybercrime

Microsoft Describes How SolarWinds Hackers Avoided Detection

Doug Olenick  •  January 21, 2021

Microsoft researchers are offering fresh details on the SolarWinds hackers' extensive efforts to remain hidden, which gave them more time to fully penetrate systems, move laterally through networks and exfiltrate data in follow-on attacks.

Governance & Risk Management

Biden Fills 3 Cybersecurity Positions

Doug Olenick  •  January 21, 2021

President Joe Biden's cybersecurity team is beginning to take shape, with three appointments recently announced, including Michael Sulmeyer as senior director for cyber.

Cryptocurrency Fraud

Cryptomining Campaign Linked to Iranian Software Firm

Prajeet Nair  •  January 21, 2021

An ongoing global cryptomining campaign has connections to an Iranian software firm, according to a report from Sophos. The MrbMiner malware has targeted thousands of vulnerable Microsoft SQL Servers.

Cyberwarfare / Nation-State Attacks

Malwarebytes CEO: Firm Targeted by SolarWinds Hackers

Prajeet Nair  •  January 20, 2021

The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."