Latest

Cybercrime

Maze Promotes Other Gang's Stolen Data On Its Darknet Site

Doug Olenick  •  June 4, 2020

The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its "Maze News" website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups.

Account Takeover

COVID-19 Drives Spike in Mobile Phishing Attacks: Report

Akshaya Asokan  •  June 4, 2020

The shift to working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns, with attackers targeting remote workers whose devices lack adequate security protections, according to the security firm Lookout. Many of these campaigns are designed to steal users' banking credentials.

COVID-19

Phishers Use Fake VPN Alerts to Steal Office 365 Passwords

Ishita Chigilli Palli  •  June 4, 2020

Fraudsters are using fake VPN update alerts to target remote workers in an effort to steal their Microsoft Office 365 credentials, according to the security firm Abnormal Security.

Governance & Risk Management

Researchers Disclose 2 Critical Vulnerabilities in SAP ASE

Doug Olenick  •  June 3, 2020

Researchers at the security firm Trustwave have disclosed six vulnerabilities in SAP Adaptive Server Enterprise 16.0 (ASE) database software, with two rated as critical. These two vulnerabilities could enable attackers to perform arbitrary code execution and tamper with a system's data.

Application Security

Survey: Security Concerns Slow Down IoT Deployments

Jeremy Kirk  •  June 3, 2020

Worries over ransomware and malware are slowing down enterprise IoT deployments, which is a reflection of the reputational and customer relationship risks at stake, according to a new survey. Here's what enterprises need to keep in mind when selecting security technology for IoT.

Fraud Management & Cybercrime

REvil Ransomware Gang Auctioning Off Stolen Data

Ishita Chigilli Palli  •  June 3, 2020

The REvil ransomware gang has created a darknet auction site for stolen data, according to the security firm Emsisoft. Will other gangs follow suit?

Cyberwarfare / Nation-State Attacks

Thousands of Exim Servers Vulnerable to Critical Flaw: Report

Akshaya Asokan  •  June 3, 2020

Thousands of unpatched Exim email servers are potentially vulnerable to a critical flaw that the NSA says Russian-backed hackers are attempting to exploit, according to the security firm RiskIQ, which also warns of two other Exim vulnerabilities that should be patched.

Cybercrime

'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Mathew J. Schwartz  •  June 3, 2020

Not all data breaches are what they might seem, and not all leakers are who they might claim to be. Take the doxing of the Minneapolis Police Department, supposedly by Anonymous hacktivists: The leaked employee information was almost certainly culled from old breaches. So who did it, and why?

►

Digital Identity

Secure Digital Identity in the Age of Coronavirus

Tom Field  •  June 2, 2020

Jeremy Grant has spent more than two decades championing the cause of secure digital identities. But as the COVID-19 pandemic has created a remote workforce of unprecedented scale seemingly overnight, are current approaches to securing the identity management and attestation practice up to the challenge?

Identity & Access Management

Study: Breach Victims Rarely Change Passwords

Akshaya Asokan  •  June 2, 2020

Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most are not strong or unique, according to a study by researchers at Carnegie Mellon University, who call for changes in breach notification procedures.

Cybercrime

TrickBot Update Makes Malware Harder to Detect: Report

Ishita Chigilli Palli  •  June 1, 2020

The developers behind TrickBot have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Network's Unit 42. The use of this malware has increased during the COVID-19 pandemic.

General Data Protection Regulation (GDPR)

Big GDPR Fines in UK and Ireland: What's the Holdup?

Mathew J. Schwartz  •  June 1, 2020

The EU's General Data Protection Regulation was meant to finally bring in line organizations that didn't treat Europeans' personal data with respect. But two years after the regulation went into full effect, why have both the U.K. and Ireland each issued only one final GDPR fine to date?