Latest

►

3rd Party Risk Management

How to Manage Software Supply Chain Risks

Jeremy Kirk  •  January 22, 2021

The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.

Cryptocurrency Fraud

DreamBus Botnet Targets Linux Systems

Prajeet Nair  •  January 22, 2021

Zscaler's ThreatLabz research team is tracking a new botnet dubbed DreamBus that's installing the XMRig cryptominer on powerful, enterprise-class Linux and Unix systems with the goal of using their computing power to mine monero.

Governance & Risk Management

Researchers Identify SAP Flaw Exploit

Akshaya Asokan  •  January 22, 2021

An exploit that takes advantage of an authentication vulnerability in SAP Solution Manager can lead to a compromise of other connected SAP applications, according to Onapsis Research Labs.

Fraud Management & Cybercrime

Hackers Leave Stolen Email Credentials Exposed

Akshaya Asokan  •  January 22, 2021

Hackers waging a phishing campaign stole more than 1,000 corporate email credentials and then stored the stolen data in a database accessible via a simple Google search, Check Point Research says.

3rd Party Risk Management

Analysis: How Will Biden Address Cybersecurity Challenges?

Anna Delaney  •  January 22, 2021

The latest edition of the ISMG Security Report features an analysis of the cybersecurity challenges the Biden administration must address. Also featured: payments security advice from Verizon; the outlook for the lifting of restrictions tied to the COVID-19 pandemic.

Cybercrime

Microsoft Describes How SolarWinds Hackers Avoided Detection

Doug Olenick  •  January 21, 2021

Microsoft researchers are offering fresh details on the SolarWinds hackers' extensive efforts to remain hidden, which gave them more time to fully penetrate systems, move laterally through networks and exfiltrate data in follow-on attacks.

Cryptocurrency Fraud

Cryptomining Campaign Linked to Iranian Software Firm

Prajeet Nair  •  January 21, 2021

An ongoing global cryptomining campaign has connections to an Iranian software firm, according to a report from Sophos. The MrbMiner malware has targeted thousands of vulnerable Microsoft SQL Servers.

Cybercrime

Chinese Hacking Group Targets Airlines, Semiconductor Firms

Prajeet Nair  •  January 21, 2021

A hacking group with apparent ties to China is targeting airlines and semiconductor firms to steal intellectual property and personal data in repeated exfiltration efforts, according to NCC Group.

Cyberwarfare / Nation-State Attacks

Malwarebytes CEO: Firm Targeted by SolarWinds Hackers

Prajeet Nair  •  January 20, 2021

The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."

►

COVID-19

COVID-19 First Anniversary: It's About Vaccines & Variants

Tom Field  •  January 20, 2021

As the U.S. marks its first anniversary of fighting COVID-19, pandemic expert Regina Phelps says the next several, critical weeks come down to two vital words: vaccines and variants. "Those are going to determine our destiny for the long and foreseeable future," she says.

Cybercrime

'FreakOut' Botnet Targets Unpatched Linux Systems

Prajeet Nair  •  January 20, 2021

Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.

Governance & Risk Management

Microsoft Taking Additional Steps to Address Zerologon Flaw

Prajeet Nair  •  January 19, 2021

Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.