Latest

Breach Notification

Cyber Incident Knocks Construction Firm Palfinger Offline

Doug Olenick  •  January 25, 2021

The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.

►

Fraud Management & Cybercrime

Assessing the SolarWinds Hack's Impact on Fraud

Suparna Goswami  •  January 25, 2021

What impact could the SolarWinds supply chain hack have on fraud trends? Al Pascual of Breach Clarity offers an analysis.

DDoS Protection

DDoS Attackers Exploit Vulnerable Microsoft RDP Servers

Prajeet Nair  •  January 25, 2021

Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify DDoS attacks, according to a report from Netscout, which offers mitigation advice.

Cryptocurrency Fraud

Russian Pleads Guilty to Running Cybercrime Forum

Prajeet Nair  •  January 25, 2021

A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge.

Cybercrime as-a-service

DDoS Attackers Revive Old Campaigns to Extort Ransom

Akshaya Asokan  •  January 23, 2021

Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations refused to pay the initial ransom demand, a new report by security firm Radware finds.

Breach Notification

Intel Investigating Hack of Confidential Financial Report

Doug Olenick  •  January 23, 2021

Intel is investigating an incident in which an unauthorized person accessed a portion of the company's latest quarterly financial report, forcing the chipmaker to release its earnings slightly earlier than planned.

Business Email Compromise (BEC)

Fraudsters Are Using Google Forms to Evade Email Filters

Prajeet Nair  •  January 23, 2021

Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.

COVID-19

President Biden Orders SolarWinds Intelligence Assessment

Mathew J. Schwartz  •  January 22, 2021

The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.

►

3rd Party Risk Management

How to Manage Software Supply Chain Risks

Jeremy Kirk  •  January 22, 2021

The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.

Cryptocurrency Fraud

DreamBus Botnet Targets Linux Systems

Prajeet Nair  •  January 22, 2021

Zscaler's ThreatLabz research team is tracking a new botnet dubbed DreamBus that's installing the XMRig cryptominer on powerful, enterprise-class Linux and Unix systems with the goal of using their computing power to mine monero.

Governance & Risk Management

Researchers Identify SAP Flaw Exploit

Akshaya Asokan  •  January 22, 2021

An exploit that takes advantage of an authentication vulnerability in SAP Solution Manager can lead to a compromise of other connected SAP applications, according to Onapsis Research Labs.

Fraud Management & Cybercrime

Hackers Leave Stolen Email Credentials Exposed

Akshaya Asokan  •  January 22, 2021

Hackers waging a phishing campaign stole more than 1,000 corporate email credentials and then stored the stolen data in a database accessible via a simple Google search, Check Point Research says.