Advertisement for Racoon malware, an infostealer designed to steal cryptocurrency (Source: Sophos)

Cryptocurrency-Stealing 'Cryware' Malware Attacks Surge

Mathew J. Schwartz • May 18, 2022

Criminals are doubling down on their use of information-stealing malware, such as Cryptobot, RedLine Stealer and QuilClipper, to steal private keys and siphon off cryptocurrency being stored in internet-connected hot wallets or to raid cryptocurrency holders' online exchange accounts.

Critical Infrastructure Security

Okta's Data Breach Debacle After Lapsus$ Attack: Postmortem

Latest

3rd Party Risk Management

Victim List in EHR Vendor Hack Grows as New Details Emerge

Marianne Kolbasuk McGee • May 18, 2022

The list of ophthalmology practices and the number of individuals affected by a December hacking incident at a cloud-based electronic health records vendor, which resulted in deleted databases, are growing as more details about the attack slowly emerge.

Cybercrime

North Korean IT Workers Using US Salaries to Fund Nukes

Prajeet Nair • May 18, 2022

North Korean information technology workers have been attempting to obtain employment in public and private sectors in the United States to fund their home country's weapons of mass destruction and ballistic missiles programs, according to an advisory from U.S. federal agencies.

Access Management

Five Eyes Alliance Advises on Top 10 Initial Attack Vectors

Mihir Bagwe • May 18, 2022

Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.

Application Security

CISA Removes Windows Flaw From Exploited Catalog List

Prajeet Nair • May 17, 2022

The U.S. Cybersecurity and Infrastructure Security Agency has announced that it is temporarily removing a Windows protection defect from its Known Exploited Vulnerability Catalog because of a risk of authentication failures after the recent Microsoft patch update.

3rd Party Risk Management

Google Unveils Service to Secure Open-Source Dependencies

Michael Novinson , Brian Pereira • May 17, 2022

Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.

Critical Infrastructure Security

Feds Say 'Multi-Tasking Doctor' Built Thanos Ransomware

Mathew J. Schwartz • May 17, 2022

U.S. authorities have charged a cardiologist based in Venezuela with developing and selling multiple strains of ransomware, including Jigsaw and Thanos, as well as recruiting affiliates to use the crypto-locking malware against victims in return for a cut of any ransoms paid.

Electronic Healthcare Records

An Initiative to Enhance Patient ID, Record Matching

Marianne Kolbasuk McGee • May 17, 2022

A new initiative aims to create a standards-based nationwide patient credential and matching ecosystem to ultimately improve matching patients with their electronic health information, says Scott Stuewe, CEO of DirectTrust, the nonprofit, vendor-neutral organization that is leading the effort.

3rd Party Risk Management

Trusting Our Global Supply Chain

Steve King • May 17, 2022

In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management.

Access Management

Proof of Concept: Apple/Microsoft/Google Back Passwordless

Anna Delaney • May 16, 2022

In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.

Breach Notification

AvosLocker Claims Data Theft From Another Healthcare Entity

Marianne Kolbasuk McGee • May 16, 2022

In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.

Breach Notification

EU Parliament, Council Agree on Cybersecurity Risk Framework

Prajeet Nair • May 16, 2022

The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.

Blockchain & Cryptocurrency

Cause for Concern? Ransomware Strains Trace to North Korea

Mathew J. Schwartz • May 16, 2022

If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime? That question is posed by new research that finds state-sponsored North Korean hackers haven't stopped their ransomware experiments.