IT & OT Convergence: Sizing Up the Security Risks

Geetha Nandikotkur • July 13, 2020

As the risks to IT and OT converge, organizations must ramp up their threat intelligence information sharing mechanisms and build a more comprehensive cybersecurity policy, says Singapore-based John Lee, managing director of GRF Asia, a federation for building global resilience.

Account Takeover

North Korean Hacking Infrastructure Tied to Magecart Hits

Latest

Cyberwarfare / Nation-State Attacks

Wells Fargo Bans TikTok App on Company Devices

Ishita Chigilli Palli • July 13, 2020

Wells Fargo, the fourth largest bank in the U.S., has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The news comes after Amazon sent mixed signals to its employees about use of the social media app.

Cybercrime

Russian Found Guilty of Hacking LinkedIn, Dropbox

Prajeet Nair • July 13, 2020

A Russian national has been found guilty of hacking LinkedIn, Dropbox and the now defunct Formspring to steal millions of user credentials, some of which were later sold on underground markets.

Cybercrime

No 'Invisible God': Fxmsp's Operational Security Failures

Mathew J. Schwartz • July 13, 2020

To the long list of alleged hackers who failed to practice good operational security so they could remain anonymous, add another name: Andrey Turchin, who's been charged with running the Fxmsp hacking group, which prosecutors say relied on Jabber and bitcoins in an attempt to hide their real identities.

Business Email Compromise (BEC)

US Secret Service Forms Cyber Fraud Task Force

Akshaya Asokan • July 11, 2020

The U.S. Secret Service is combining its electronic and financial crimes units into a single task force that will focus on investigating cyber-related financial crimes, such as BEC schemes and ransomware attacks. The move comes as lawmakers push for the Secret Service to take a more active role in fighting cybercrime.

Cybercrime

Zoom-Themed Phishing Campaign Targets Office 365 Credentials

Prajeet Nair • July 10, 2020

A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. These attacks come as use of the platform soars due to work-from-home arrangements.

Cybercrime

Mac Malware Primarily Infostealer, Not Ransomware

Doug Olenick • July 10, 2020

The Mac malware originally labeled as "EvilQuest," which researchers initially identified as a poorly designed ransomware variant, apparently is primarily an information stealer with ransomware-like elements designed to confuse security tools, according to the security firm Malwarebytes.

Cybercrime

Updated Joker Android Malware Adds Evasion Techniques

Akshaya Asokan • July 10, 2020

Check Point Research reports that a new version of the Joker mobile malware that infects Android devices has emerged. The malware, hidden in apps in the Google Play store, has once again evaded Google's security tools.

COVID-19

Analysis: Monitoring the Risks Posed by Remote Workers

Nick Holland • July 10, 2020

The latest edition of the ISMG Security Report analyzes the surge in the use of employee monitoring tools for the increasingly remote workforce. Also featured: Discussions about IoT security guidelines and CCPA compliance requirements.

Cybercrime

Cybercrime Research: For the Greater Good, or Marketing?

Mathew J. Schwartz • July 10, 2020

U.S. prosecutors this week unsealed an indictment against the alleged hacker "Fxmsp" after his identity was revealed in a cybersecurity firm's report. That sequence of events has raised questions about information sharing and highlighted law enforcement's reliance on private cybersecurity researchers.

Cybercrime

APT Group Targets Fintech Companies

Akshaya Asokan • July 9, 2020

A little-known advanced persistent threat group dubbed Evilnum has been targeting fintech firms in the U.K. and Europe over the past two years, using spear-phishing emails and social engineering to start their attacks, according to the security firm ESET.

Cybercrime

Fxmsp Probe: Feds Say Group-IB Report Forced Its Hand

Mathew J. Schwartz • July 9, 2020

Did a private cybersecurity firm's report into the "Fxmsp" hacking operation that deduced the identity of the group's alleged leader disrupt a U.S. law enforcement investigation?

Account Takeover

Card Skimmer Found Hitting Vulnerable E-Commerce Sites

Doug Olenick • July 8, 2020

A credit card skimmer that has been operating since April is specifically targeting sites hosted on Microsoft IIS servers that are currently running an out-of-date version of ASP.NET, according to security firm Malwarebytes. About 27 million websites still use this now unsupported software.