Image: Shutterstock

How BreachForums' 'Pompompurin' Led the FBI to His Home

David Perera • March 24, 2023

The alleged administrator of criminal online forum BreachForums may have thought he took steps to hide his real identity, but instead he left a trail of digital breadcrumbs that led to his arrest and prosecution, shows information unsealed in federal court.

►

Card Not Present Fraud

SVB Parent Company Seeks Bankruptcy Amid Asset Sale Process

Latest

Cybercrime

3-Year JS Injection Campaign Targets 51,000 Websites

Prajeet Nair • March 25, 2023

A widespread ongoing malicious JavaScript injection campaign first detected in 2020 has targeted over 51,000 websites, redirecting victims to malicious content like adware and scam pages. Attackers are using several obfuscation tactics to bypass detection.

Incident & Breach Response

Corelight Pursues IR Partnerships, Smaller Enterprise Deals

Michael Novinson • March 24, 2023

Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.

Encryption & Key Management

GitHub Replaces Private RSA SSH Key After Public Exposure

Mathew J. Schwartz • March 24, 2023

GitHub has replaced its private RSA SSH host key after discovering it was being inadvertently exposed to the public via a GitHub repository. Used to safeguard SSH access to Git operations, a bad actor could use the key to impersonate GitHub or eavesdrop. But GitHub reported no signs of abuse.

Cyberwarfare / Nation-State Attacks

ISMG Editors: What's Next in Russia's Cyber War?

Anna Delaney • March 24, 2023

In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.

Blockchain & Cryptocurrency

Cryptohack Roundup: BitPay, Euler Finance, Gala Games

Rashmi Ramesh • March 23, 2023

Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. In focus between March 17 and 23: The New York State Department of Financial Services reminds BitPay that regulations exist. Also, Euler Finance, Gala Games, BitGo, ZenGo, General Bytes, Bitzlato and ParaSpace.

Cyber Insurance

Lawmakers Weigh Laws Proposed in Biden's Cyber Strategy

Cal Harrison • March 23, 2023

Members of a U.S. House subcommittee got their first look at the Biden administration's new national cybersecurity strategy and quizzed the White House cybersecurity director on the timeline, proposed regulations and incentives for private businesses.

Critical Infrastructure Security

US Officials Urged to Examine Chinese Risk to Electric Grid

Michael Novinson • March 23, 2023

Utility companies have increasingly refrained from purchasing large power transformers from China given greater awareness of the security risks. Lawmakers sparred with the Energy Department's cybersecurity leader over how much of the electric grid contains components manufactured in China.

Breach Notification

Breach Roundup: Ferrari, Indian Health Ministry and the NBA

Mihir Bagwe • March 23, 2023

This week's roundup of cybersecurity incidents around the world includes attacks on luxury car manufacturer Ferrari, the Indian health system and a Dutch maritime logistics company. Other data breach incidents involve the NBA, Lionsgate, the city of Oakland, McDonald's and Samsung.

Card Not Present Fraud

Credit Card Stealer Targets WordPress Payment Plug-Ins

Rashmi Ramesh • March 23, 2023

Attackers are deploying modified MageCart malware against WordPress websites that use the WooCommerce shopping cart plug-in, says website security firm Sucuri. Hackers inject PHP and JavaScript code and hide stolen credit card numbers in .jpg files.

Fraud Management & Cybercrime

TikTok CEO Aims to Assure Lawmakers Americans' Data Is Safe

Mathew J. Schwartz • March 23, 2023

TikTok CEO Shou Chew appeared Thursday before the U.S. congressional panel to defend his company against accusations that it's imperiling Americans' national security, privacy and mental health. Lawmakers pressed Chew on the company's Chinese ownership, source code and privacy practices.

Identity & Access Management

Splashtop Buys Foxpass to Bring Enterprise IAM to the Masses

Michael Novinson • March 23, 2023

Remote access provider Splashtop has bought server and network access management vendor Foxpass to get better visibility across co-managed and multi-tenant environments. The acquisition of Foxpass will simplify the onboarding experience for developers while ensuring passwords aren't being shared.

Cloud Security

Orca Promotes CPO Gil Geron to CEO to Drive Efficient Growth

Michael Novinson • March 22, 2023

Orca Security has promoted Chief Product Officer Gil Geron to CEO to help the agentless cloud security vendor maintain its market leadership and rapid growth. The leadership swap at Portland, Oregon-based Orca will result in Avi Shua moving to the newly created position of chief innovation officer.