Latest

Endpoint Security

SonicWall Patches 3 Zero-Day Flaws

Jeremy Kirk  •  April 21, 2021

SonicWall has patched three zero-day vulnerabilities in the hosted and on-premises versions of its Email Security product after attackers began exploiting them last month. Attackers can exploit the flaws to access email and pivot deeper into organizations' systems, FireEye Mandiant reports.

►

Fraud Management & Cybercrime

Mitigating Risks as Ransomware Tactics Change

Anna Delaney  •  April 21, 2021

Ransomware attacks now routinely feature multifaceted extortion efforts, and defenses need to evolve, says Stuart McKenzie of FireEye, who offers an analysis of the findings of the FireEye M-Trends 2021 report.

3rd Party Risk Management

Nation-State Actor Linked to Pulse Secure Attacks

Doug Olenick  •  April 20, 2021

The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.

Governance & Risk Management

Identity Management at the Core of Recent M&A Activity

Doug Olenick  •  April 20, 2021

Identity management was the focus of three acquisitions announced in the last several days by Mastercard, Entrust and Keyfactor.

3rd Party Risk Management

Did Huawei Eavesdrop on KPN Mobile Network?

Mathew J. Schwartz  •  April 20, 2021

A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users. Viewed 11 years later, the report stands as a reminder to constantly review and address risks posed by suppliers.

ATM / POS Fraud

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Scott Ferguson  •  April 19, 2021

A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

►

Cybercrime

How to Prevent Wire Transfer Fraud

Suparna Goswami  •  April 19, 2021

How is wire transfer fraud evolving, and how can the risk be mitigated? Three experts provide insights in this panel discussion.

Breach Notification

Attackers Continue to Target UK Universities

Akshaya Asokan  •  April 17, 2021

The University of Hertfordshire has sustained a cyber incident that severely affected students' online classes and an assignment submission portal. The university, however, notes the incident did not lead to data theft.

Cybercrime as-a-service

Houston Rockets Investigate Ransomware Attack

Doug Olenick  •  April 16, 2021

The NBA's Houston Rockets reported on Wednesday that the organization was recently hit with a ransomware attack for which the Babuk cyber gang has taken responsibility. Babuk ransomware is known to be buggy and cannot always be decrypted - even with the proper key.

►

Breach Notification

ISMG Editors’ Panel: The Facebook Breach and More

Anna Delaney  •  April 16, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.

3rd Party Risk Management

Attack on Codecov Affects Customers

Doug Olenick  •  April 16, 2021

Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information.

3rd Party Risk Management

Does FBI Exchange Remediation Action Set a Precedent?

Anna Delaney  •  April 16, 2021

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.