Latest

Fraud Management & Cybercrime

Phishing Campaign Mimics Microsoft Teams Alerts

Chinmay Rautmare  •  October 23, 2020

Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials.

Forensics

LockBit Ransomware Uses Automation Tools to Pick Targets

Prajeet Nair  •  October 23, 2020

The operators behind the LockBit ransomware strain use automation tools and techniques that help the malware quickly spread through a compromised network and also assist in picking specific targets, according to Sophos.

Critical Infrastructure Security

Analysis: The Significance of Russian Hackers' Indictment

Anna Delaney  •  October 23, 2020

The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.

Breach Notification

Indian Pharmaceutical Company Investigates Security Incident

Prajeet Nair  •  October 22, 2020

Dr. Reddy's Laboratories, a multinational pharmaceutical company based in India that's testing a COVID-19 vaccine, says it isolated its data center services Thursday following what it calls a "detected cyberattack."

Fraud Management & Cybercrime

Phishing Emails Target Coinbase Exchange Users

Chinmay Rautmare  •  October 21, 2020

Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4.

Cybercrime

Microsoft Continues Trickbot Crackdown

Prajeet Nair  •  October 21, 2020

Microsoft and its partners are continuing to put pressure on the Trickbot malware operation, eliminating an estimated 94% of its infrastructure. But some security researchers warn that the botnet's operators are developing workarounds to re-establish its infrastructure, enabling the group to resume its activities.

Finance & Banking

Home Loan Trading Platform Exposes Mortgage Documentation

Jeremy Kirk  •  October 21, 2020

MAXEX, a company that develops a digital trading platform for the secondary mortgage market in the U.S., leaked 9 GB of internal documentation as well as full mortgage applications for 23 individuals. The data was released by a Swiss-based developer who apparently was unaware it was sensitive.

Anti-Money Laundering (AML)

Bitcoin 'Mixer' Fined $60 Million

Akshaya Asokan  •  October 20, 2020

The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws. It's the first time the department's Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site.

Governance & Risk Management

Sensitive Voicemail Transcripts Exposed

Marianne Kolbasuk McGee  •  October 19, 2020

A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.

Cyberwarfare / Nation-State Attacks

FCC Wants More Information on Threat Posed by China Unicom

Chinmay Rautmare  •  October 19, 2020

The FCC is asking the Justice Department and other executive branch agencies if China Unicom's operations within the U.S. pose a significant enough national security threat to merit revoking the company's business license.

Cybercrime

'Active Threat' Warning: Patch Serious SharePoint Flaw Now

Mathew J. Schwartz  •  October 19, 2020

Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.

Fraud Management & Cybercrime

Instagram Investigated for Exposure of Minors' Details

Jeremy Kirk  •  October 19, 2020

Ireland's Data Protection Commissioner has launched an investigation into whether Facebook's Instagram service improperly displayed the email addresses and phone numbers of minors on its platform. Facebook, Instagram's owner, could face a GDPR fine if it's found to have violated privacy requirements.