Global Cybercrime Surging During Pandemic

Marianne Kolbasuk McGee • August 6, 2020

Cybercriminals have shifted their focus from individuals and smaller businesses to target governments, critical health infrastructure and major corporations to maximize their profits and disruption during the COVID-19 pandemic, a new Interpol report warns.

Account Takeover

Screams, Porn Interrupt Virtual Hearing for Twitter Suspect

EU Issues First Sanctions for Cyberattacks

Latest

Endpoint Security

Twitter Rushes to Fix Flaw in Android Version

Chinmay Rautmare • August 6, 2020

Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident.

Endpoint Security

How WastedLocker Evades Anti-Ransomware Tools

Prajeet Nair • August 5, 2020

WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos.

Governance & Risk Management

A Flaw Used by Stuxnet Wasn't Fully Fixed

Jeremy Kirk • August 5, 2020

Vulnerabilities in the Microsoft Windows print spooler, an aging but important component, will be discussed at the Black Hat security conference on Thursday. The vulnerabilities are rooted in patches that Microsoft created to fix issues exploited by Stuxnet, the malware that hampered Iran's nuclear program.

Biometrics

Behavioral Biometrics: Avoiding Mistakes

Suparna Goswami • August 5, 2020

Too many companies that are implementing behavioral biometrics to combat fraud lack a complete understanding of how to make the most of the technology, says David Lacey, managing director at IDCARE, Australia and New Zealand's not-for-profit national identity and cyber support service.

Application Security

Why Flash Player Removal Should Be a Priority

Doug Olenick • August 4, 2020

Adobe Flash Player, which has been patched hundreds of times during its lifetime to address vulnerabilities, will no longer be supported after Dec. 31, leaving an attack vector that can be exploited by malicious actors unless it's removed. That's why eliminating all instances of Flash Player is so urgent.

Cybercrime

Alleged GandCrab Distributor Arrested in Belarus

Chinmay Rautmare • August 4, 2020

A 31-year-old man who allegedly distributed versions of the GandCrab ransomware to target users has been arrested in Belarus for possession and distribution of malware, according to the country's Ministry of Internal Affairs.

Cybercrime

Top Cybersecurity Challenge: 'More Capable Threat Actors'

Mathew J. Schwartz • August 3, 2020

The pace of online crime hasn't been flagging, as "more capable threat actors" - criminals and nation-states alike - have been bringing more advanced tools and tactics to bear on victims, says Raj Samani, chief scientist at McAfee.

Artificial Intelligence & Machine Learning

Fraud Detection: Lessons From Novartis Case

Suparna Goswami • August 3, 2020

Incidents of fraud at pharmaceutical giant Novartis that resulted in over $1 billion in fines worldwide might have been avoided if the company's compliance team used data analytics to detect patterns, says Thomas Fox, a compliance evangelist and author.

Anti-Phishing, DMARC

North Korean Hackers Targeted US Aerospace, Defense Firms

Prajeet Nair • August 1, 2020

Hackers with suspected ties to North Korea targeted U.S. aerospace and defense firms with fake job offer emails sent to employees, according to security firm McAfee. The messages contained malware designed to gain a foothold in networks and gather data.

Cybercrime

FastPOS Malware Creator Pleads Guilty

Akshaya Asokan • August 1, 2020

A member of the infamous Infraud Organization who was the creator of a malware strain called FastPOS has pleaded guilty to a federal conspiracy charge. Valerian Chiochiu assisted other cybercriminals through the Infraud site before authorities shuttered it in 2018, prosecutors say.

Endpoint Security

Boot-Loading Flaw Affects Linux, Windows Devices

Akshaya Asokan • July 31, 2020

A vulnerability that can impede the boot-loading process of an operating system could potentially affect billions of Linux and Windows machines, according to Eclypsium. The flaw, called "BootHole," could enable an attacker to gain near total control of an infected device.

Account Takeover

Analysis: The Hacking of Mobile Banking App Dave

Nick Holland • July 31, 2020

The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.