U.K. Digital Secretary Oliver Dowden says new legislation would "give the U.K. one of the toughest telecoms security regimes in the world." (Photo: Mathew Schwartz)

UK Telecommunications Security Bill Would Ban Huawei

Mathew J. Schwartz • November 24, 2020

The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.

Business Continuity Management / Disaster Recovery

Twitter Hires Famed Hacker 'Mudge' as Security Head

Latest

Cyberwarfare / Nation-State Attacks

Biden Reveals Picks to Head DHS, Intelligence

Scott Ferguson , Doug Olenick • November 23, 2020

President-elect Joe Biden on Monday announced that two former Obama-era officials are his nominees to head the U.S. Department of Homeland Security and the Office of Director of National Intelligence.

Business Continuity Management / Disaster Recovery

COVID-19 Latest: 'We Are Really Struggling'

Tom Field • November 23, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.

Breach Notification

Manchester United Investigating Cybersecurity Incident

Prajeet Nair • November 23, 2020

The Manchester United football club of the U.K.'s Premier League is investigating a cybersecurity incident that has affected some of the organization's IT infrastructure, although it says it appears that fan and user data has not been exposed.

Cybercrime as-a-service

Qbot Banking Trojan Now Deploying Egregor Ransomware

Akshaya Asokan • November 23, 2020

The operators behind the Qbot banking Trojan are now deploying a recently uncovered ransomware variant called Egregor to target organizations across the world, according to researchers at Group-IB.

Account Takeover Fraud

Florida Man Gets 3-Year Prison Term for Account Takeover Scam

Chinmay Rautmare • November 21, 2020

A Florida man has been sentenced to 37 months in prison after pleading guilty to a federal laundering money charge stemming from a $9 million business account takeover scheme, according to the Justice Department.

Cybercrime as-a-service

Grelos Skimmer Variant Co-Opts Magecart Infrastructure

Akshaya Asokan • November 21, 2020

Researchers have identified a fresh variant of the Grelos skimmer that has co-opted the infrastructure that MageCart uses for its own skimming attacks against e-commerce sites, according to RiskIQ. The malware has been found on several small and mid-size e-commerce sites worldwide.

Breach Notification

Eye Care Center Operator's Customer Data Hacked

Marianne Kolbasuk McGee • November 20, 2020

A U.S. unit of Italian-based eyewear maker and eye care center conglomerate Luxottica has reported a breach affecting over 829,000 individuals - the fourth largest health data breach added to the U.S. federal tally so far this year. It's unclear if a recent ransomware attack is related.

Cybercrime

Fraudsters Use Free Google Services in Phishing Campaigns

Prajeet Nair • November 20, 2020

Fraudsters are increasingly using free Google services to create more realistic phishing emails and malicious domains that circumvent security filters, the security firm Armorblox reports.

Cloud Security

AWS Flaw Allows Attackers to Find Users' Access Codes

Chinmay Rautmare • November 20, 2020

A recently uncovered vulnerability in a class of Amazon Web Service APIs can be exploited to leak AWS identity and access management user and arbitrary accounts, according to Palo Alto Networks' Unit 42.

Account Takeover Fraud

Global Financial Industry Facing Fresh Round of Cyberthreats

Prajeet Nair • November 20, 2020

Although the global financial industry has made strides in protecting its data from malware, including Trojans, cyberthreats such as network intrusion, ransomware and criminal gang cooperation are presenting fresh challenges, according to the Carnegie Endowment for International Peace.

Cybercrime as-a-service

2 Arrested for Operating Malware Encryption Service

Doug Olenick • November 20, 2020

Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools.

Business Continuity Management / Disaster Recovery

Christopher Krebs Describes Accomplishments

Anna Delaney • November 20, 2020

This edition of the ISMG Security Report features a discussion with Christopher Krebs, the recently fired director of the Cybersecurity Infrastructure Security Agency, on his accomplishments at the agency. Also featured are updates on ransomware gangs recruiting affiliates and healthcare supply chain risks.