Source: F-Secure

Cybercrime Review: Hackers Cash in on COVID-19

Mathew J. Schwartz • September 22, 2020

Reviewing online attack trends for the first half of the year, numerous cybersecurity firms agree: COVID-19 was king. As the pandemic has reshaped how many live and work, so too has it driven attackers to attempt to exploit work-at-home challenges and virus fears.

Cloud Security

TikTok Picks Oracle as US 'Technology Partner'

Latest

Cybercrime

'Dark Overlord' Hacker Sentenced to 5-Year Prison Term

Chinmay Rautmare • September 22, 2020

A U.K. resident who was a member of The Dark Overlord hacking group pleaded guilty to federal charges Monday and was sentenced to five years in prison, according to the U.S. Justice Department. The group targeted several healthcare organizations and others.

Business Continuity Management / Disaster Recovery

Cybersecurity Leadership: Risk Exposure Awareness

Tom Field • September 22, 2020

It might be new, but are we ready to call this "normal?" In this latest in a series of CEO/CISO panels, cybersecurity leaders talk frankly about the new risk surface and the role emerging technologies play in helping us keep pace with our adversaries.

Anti-Money Laundering (AML)

Leaked FinCEN Reports Reveal Sensitive Security Details

Doug Olenick • September 22, 2020

What will be the impact of the leak of investigatory documents from FinCEN - the U.S. Treasury Department's Financial Crimes Enforcement Network? For starters, experts warn that FinCEN reports may reveal sensitive information tied to banks and law enforcement agencies' investigatory tools and tactics.

Application Security

CISA Pushes Government Agencies to Patch 'Zerologon' Flaw

Jeremy Kirk • September 22, 2020

U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.

Cybercrime

Exclusive: Hackers Hit Virgin Mobile in Saudi Arabia

Jeremy Kirk • September 21, 2020

Hackers compromised the network of Saudi Arabia's Virgin Mobile KSA, gained email system access and offered stolen data for sale on the dark web. According to a source with knowledge of the attack, the incident - remediated late last week - is one of a string of attacks against organizations in the Middle East.

Endpoint Security

Hacking Group Used Malware to Bypass 2FA on Android Devices

Akshaya Asokan • September 19, 2020

A hacking group targeting Iranian dissidents has developed malware that can bypass two-factor authentication protection on Android devices to steal passwords, according to Check Point Research. The hackers have also targeted victims' Telegram accounts.

DDoS Protection

Analysis: Online Attacks Hit Education Sector Worldwide

Chinmay Rautmare • September 18, 2020

Check Point Research analysts have observed a significant rise in online attacks against the educational sector worldwide since July. DDoS attacks have surged in the U.S., while European institutions have been hit by ransomware.

Blockchain & Cryptocurrency

Researchers Find Mozi Botnet Continues to Grow

Prajeet Nair • September 18, 2020

Mozi, a relatively new peer-to-peer botnet, is now dominating global IoT network traffic, according to a new report from IBM's X-Force unit. The malware is being used to launch DDoS attacks as well as mine for cryptocurrency.

Cyberwarfare / Nation-State Attacks

3 Iranian Hackers Charged With Targeting US Satellite Firms

Akshaya Asokan • September 18, 2020

Three Iranian hackers have been charged in connection with using social engineering and phishing techniques to steal data and intellectual property from U.S. satellite and aerospace companies, according to the Justice Department. The suspects were allegedly working on behalf of Iran's Islamic Revolutionary Guard Corps.

Breach Notification

Analysis: Is Chinese Database Exposure a Cause for Concern?

Anna Delaney • September 18, 2020

The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.

Blockchain & Cryptocurrency

DOJ: 2 Russians Defrauded Cryptocurrency Exchanges

Prajeet Nair • September 17, 2020

Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.

Cybercrime

Analyzing the Role of Fraud Fusion Centers

Akshaya Asokan • September 17, 2020

Many financial institutions have deployed fraud fusion centers as a way to help mitigate risks. But as fraudsters revamp their techniques, banks need to revamp these centers to keep up, says Jeff Dant of BMO Financial Group, who will speak at ISMG's Virtual Cybersecurity and Fraud Summit: Toronto.