Russian state hackers are using new stealth tactics. (Picture: Pixabay)

Mandiant: SolarWinds Attackers Continue to Innovate

Prajeet Nair • December 6, 2021

A suspected Russian group blamed for the SolarWinds compromise in 2020 is continuing to innovate and is infiltrating technology services and resellers, according to a new report from Mandiant. Mandiant says the group, which it calls UNC2452 and Microsoft calls Nobelium, practices "top-notch operational security."

Access Management

The Ransomware Files, Episode 2: Bridging Backup Gaps

Latest

3rd Party Risk Management

Kafdrop Flaw Puts Data of 'Major Global Players' at Risk

Rashmi Ramesh • December 6, 2021

A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has exposed data of "major global players ... in healthcare, insurance, media and IoT," a report by cybersecurity company Spectral says.

Blockchain & Cryptocurrency

Nearly $200 Million Stolen in BitMart Crypto Exchange Hack

Dan Gunderman • December 6, 2021

Nearly $200 million has reportedly been stolen from the cryptocurrency exchange BitMart, one of the top centralized crypto exchanges by volume, according to China-based blockchain analytics firm PeckShield, which tracked the heist beginning Saturday.

3rd Party Risk Management

Microsoft Teams’ New Feature Sparks Security Concerns

Soumik Ghosh • December 6, 2021

A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.

Electronic Healthcare Records

Medical Workers Plead Guilty to PHI Access-Related Crimes

Marianne Kolbasuk McGee • December 6, 2021

A medical biller in Florida and an emergency medical technician in New York have each pleaded guilty in two separate federal cases involving the criminal misuse of patient information. One case involved healthcare fraud and identity theft, and the other criminal HIPAA violations.

Breach Notification

Incident Response: Best Practices in the Age of Ransomware

Mathew J. Schwartz • December 6, 2021

Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.

3rd Party Risk Management

Alert: 'Cuba' Ransomware Slams Critical Sector Organizations

Prajeet Nair • December 4, 2021

The FBI warns that the "Cuba" ransomware-wielding attackers have extorted $43.9 million in ransom payments from victims after compromising at least 49 organizations across five critical infrastructure sectors - financial services, government, healthcare, manufacturing and IT - since early November.

Endpoint Security

Report: NSO Group Spyware Found on State Department Phones

Dan Gunderman • December 3, 2021

Spyware from sanctioned Israeli firm NSO Group has reportedly been detected on at least nine iPhones belonging to U.S. State Department officials with "state.gov" email addresses, who are located in Uganda or whose work focuses on Uganda, according to Reuters.

Incident & Breach Response

Researcher: Healthcare Staffing Database Exposed Worker PII

Marianne Kolbasuk McGee • December 3, 2021

A security researcher says a misconfigured, non-password-protected database of a healthcare staffing company potentially exposed the personal information in about 170,000 medical worker records. The staffing firm, however, disputes the details of what was allegedly contained in the database.

3rd Party Risk Management

TSA Issues New Cybersecurity Requirements for Rail Sector

Dan Gunderman • December 3, 2021

The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.

Business Continuity Management / Disaster Recovery

BIO-ISAC: Beware of Tardigrade Attacks on Biomanufacturers

Marianne Kolbasuk McGee • December 3, 2021

The Bioeconomy Information Sharing and Analysis Center is warning biotechnology organizations, including vaccine makers and other biomanufacturers, of escalating threats involving Tardigrade malware, which experts say is used to launch ransomware and other potentially serious attacks.

Cybercrime

Arrest Points to Ubiquiti Breach Being an Inside Job

Prajeet Nair • December 3, 2021

A former employee of a New York-based technology company, likely to be IoT technology company Ubiquiti, has been arrested for stealing confidential data and extorting his employer for nearly $2 million. If convicted, the suspect faces up to 37 years in prison.

Account Takeover Fraud

Deepfakes, Voice Impersonators Used in Vishing-as-a-Service

Soumik Ghosh • December 3, 2021

Advanced voice impersonation and deepfake technologies are giving rise to cybercrime groups that offer Vishing-as-a-Service, security researchers say. Vishing is proving to be successful in tricking victims and bypassing voice authorization mechanisms.