Latest

►

Endpoint Security

CISO Conversations: 'Moving at the Speed of Medicine'

Tom Field  •  April 9, 2020

Washington state was the initial epicenter of the COVID-19 outbreak in the U.S., and Cris Ewell was at the heart of the crisis as CISO of UW Medicine. He shares his insights and lessons learned from supporting caregivers and a remote workforce during the pandemic.

Cybercrime

UK and US Security Agencies Sound COVID-19 Threat Alert

Mathew J. Schwartz  •  April 9, 2020

Cybercrime groups and nation-state hacking gangs are continuing to exploit the COVID-19 pandemic to further their aims, U.K. and U.S. security agencies warn in a joint alert. While overall attack levels haven't increased, they say, "the frequency and severity of COVID-19-related cyberattacks" looks set to surge.

►

Fraud Management & Cybercrime

Faces of Fraud 2020: COVID-19's Impact

Tom Field  •  April 9, 2020

The cyberthreat and fraud landscape is ever-changing, and attackers are upping the game with more advanced attacks. The COVID-19 pandemic has accelerated socially engineered schemes, such as phishing and virus-related scams. CISO Stephen Fridakis and consultant Rocco Grillo discuss how to ramp up defenses.

Cybercrime

Latest Botnet Offers DDoS Attacks on Demand

Akshaya Asokan  •  April 9, 2020

The operator of a newly discovered botnet dubbed "Dark Nexus" is offering cybercriminals access to an array of capabilities, include the ability to launch DDoS attacks on demand, according researchers at Bitdefender.

Cybercrime

Russia Used Fake US Documents for Disinformation: Report

Apurva Venkat  •  April 9, 2020

A recent disinformation campaign that apparently originated in Russia used forged U.S. diplomatic documents and social media to spread false stories in Eastern Europe and Asia, according to a new research report, which warns that these tactics could be used against the U.S. in the run-up to the fall election.

Governance & Risk Management

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Mathew J. Schwartz  •  April 8, 2020

Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns. It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.

Cybercrime

Hackers Have Targeted Linux Servers for Years: Report

Ishita Chigilli Palli  •  April 8, 2020

For nearly a decade, five hacking groups with apparent links to the Chinese government have targeted vulnerable Linux servers that make up the backend IT infrastructure of thousands of companies and organizations around the world, according to a research report from BlackBerry.

Governance & Risk Management

Australia Considers How to Approach Pandemic Contacts Tracing

Jeremy Kirk  •  April 8, 2020

Australia is investigating how it can leverage data to slow the spread of COVID-19. This raises myriad privacy and security questions, including whether the public would embrace such a system and how long it should be in place.

Cybercrime

More Zero-Day Exploits For Sale: Report

Akshaya Asokan  •  April 8, 2020

Zero-day exploits are increasingly a commodity that advanced persistent threat groups can purchase and use to wage attacks, according to a report from security firm FireEye. The report says the number of attacks leveraging such exploits grew last year.

Business Email Compromise (BEC)

FBI: COVID-19-Themed Business Email Compromise Scams Surge

Ishita Chigilli Palli  •  April 7, 2020

Fraudsters are taking advantage of the uncertainty over the global COVID-19 pandemic to ramp-up business email compromise scams designed to steal money, the FBI and security researchers warn.

Application Security

Researchers Propose COVID-19 Tracking App

Ishita Chigilli Palli  •  April 7, 2020

Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.

Cybercrime

Hackers Target Chinese Government Agencies Via VPNs: Report

Apurva Venkat  •  April 7, 2020

Hackers are targeting Chinese government agencies and their employees by taking advantage of zero-day vulnerabilities in VPN servers to plant backdoors and other malware, researchers at the Chinese security firm Qihoo 360 report.