Latest

Artificial Intelligence & Machine Learning

EU Proposes Curbs on Use of AI for Surveillance

Akshaya Asokan  •  April 15, 2021

A proposed European Union regulation on artificial intelligence would restrict the use of facial recognition for surveillance, according to a draft obtained by a European news site.

Cryptocurrency Fraud

Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

Mathew J. Schwartz  •  April 15, 2021

Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.

COVID-19

Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

Marianne Kolbasuk McGee  •  April 14, 2021

Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk  •  April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Endpoint Security

State of the Marketplace: A Conversation With Dave DeWalt

Tom Field  •  April 14, 2021

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

Business Email Compromise (BEC)

How Fraudsters Nearly Stole $17.5 Million via PPE Fraud

Mathew J. Schwartz  •  April 14, 2021

Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.

►

3rd Party Risk Management

Modern Bank Heists: Attackers Go Beyond Account Takeover

Tom Field  •  April 13, 2021

Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.

DDoS Protection

Millions of Devices Potentially Vulnerable to DNS Flaws

Doug Olenick  •  April 13, 2021

Forescout Research Labs and the Israeli security firm JSOF have found nine Domain Name System vulnerabilities affecting four TCP/IP stacks that, if exploited, could lead to remote code execution or denial-of-service attacks - potentially on millions of devices.

Anti-Phishing, DMARC

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Jeremy Kirk , Mathew J. Schwartz  •  April 13, 2021

Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.

Fraud Management & Cybercrime

NSA Veterans Nominated for Top Cyber Posts

Scott Ferguson  •  April 12, 2021

President Joe Biden has nominated two U.S. National Security Agency veterans for top cybersecurity positions as the White House continues to confront the fallout from the SolarWinds supply chain attack as well as attacks against on-premises Microsoft Exchange email servers.

Artificial Intelligence & Machine Learning

Microsoft to Buy Nuance Communications for $19.7 Billion

Marianne Kolbasuk McGee  •  April 12, 2021

Microsoft Corp. on Monday announced it will acquire cloud-based speech technology and artificial intelligence vendor Nuance Communications in an all-cash transaction valued at $19.7 billion. The deal is expected to close by the end of this year.

Cyberwarfare / Nation-State Attacks

Iranian Nuclear Site Shut Down by Apparent Cyberattack

Prajeet Nair  •  April 12, 2021

Israeli public media outlet Kan, citing intelligence sources, says an Israeli government cyberattack was responsible for the shutdown of an Iranian nuclear power facility on Sunday in what Iran describes as an act of "sabotage."