Protecting Urban Cooperative Banks From Cyber Threats

Geetha Nandikotkur • November 26, 2020

India's urban cooperative banks need to take a holistic approach to build a security governance structure, opt for an ASP services model and map their business-critical risks to comply with the RBI's security posture guidelines, according to a panel of experts.

Anti-Phishing, DMARC

The Dark Side of AI: Previewing Criminal Uses

Latest

Cybercrime as-a-service

Ransomware Attack Will Costs French IT Services $60 Million

Prajeet Nair • November 26, 2020

French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, is estimating that the attack will cost the company around $60 million in recovery costs.

3rd Party Risk Management

Automated Monitoring in the Cloud

Anna Delaney • November 26, 2020

Glen Hymers, CISO and head of data protection at the U.K.-based charity Save the Children International, says adapting to a cloud-first environment requires extensive security measures, including automated monitoring.

Device Identification

Gone in 120 Seconds: Flaws Enable Theft of Tesla Model X

Jeremy Kirk • November 26, 2020

Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X. The electric vehicle manufacturer is issuing over-the-air updates to fix the flaws, which allegedly center on a failure to validate firmware updates and a faulty Bluetooth pairing protocol.

Application Security

Keeping the Software Supply Chain Secure

Jeremy Kirk • November 26, 2020

IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.

Business Continuity Management / Disaster Recovery

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Prajeet Nair • November 25, 2020

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.

Governance & Risk Management

Hackers Exploit MobileIron Flaw

Akshaya Asokan • November 25, 2020

The U.K. National Cyber Security Center is warning that nation-state hackers and cybercriminals are exploiting a remote vulnerability in MobileIron's mobile device management tool to target organizations in the country.

Governance & Risk Management

Linux Botnet Disguises Itself as Apache Server

Prajeet Nair • November 25, 2020

The latest Linux version of the Stantinko botnet is designed to disguise the malware as an Apache server to help better avoid security tools and remain hidden, according to Intezer Labs.

Application Security

Google Removes 2 Android Apps That Collected User Data

Akshaya Asokan • November 25, 2020

Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.

Cybercrime

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Doug Olenick • November 24, 2020

The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.

Endpoint Security

UK Telecommunications Security Bill Would Ban Huawei

Mathew J. Schwartz • November 24, 2020

The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.

Fraud Management & Cybercrime

Instagram Leaked Minors' PII Again, But Now It's Fixed

Jeremy Kirk • November 24, 2020

For at least a month, Instagram leaked the email addresses of minors, which occurred as Ireland's Data Protection Commission probed whether its parent company, Facebook, failed to protect children's personal data. Facebook has fixed the issue. But how carefully is the company protecting personal data?

Cyberwarfare / Nation-State Attacks

Chinese Hacking Group Rebounds With Fresh Malware

Prajeet Nair • November 24, 2020

A Chinese advanced persistent threat group has recently begun ramping up its activities with a new phishing campaign leveraging updated malware that's targeting diplomatic missions around the world to collect data and monitor communications, according to Proofpoint.