A CISO Conversation: Managing the Remote Workforce

Tom Field • April 1, 2020

As CISO of SoftBank Investment Advisers, Gary Hayslip is dealing with a familiar crisis management challenge: Supporting a remote workforce, with extra emphasis on secure identities. But he's also keeping a close eye on his team and the risks of burnout.

Endpoint Security

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Latest

Business Continuity Management / Disaster Recovery

COVID-19 Response: The Re-evaluation Phase

Tom Field • April 1, 2020

As April begins, enterprises are starting to re-evaluate their COVID-19 response plans, says crisis management expert Regina Phelps. What are the other pandemic response planning phases we can expect to see as infections spread and quarantines continue?

Fraud Management & Cybercrime

Zoom Contacts Feature Leaks Email Addresses, Photos

Jeremy Kirk • April 1, 2020

Popular teleconferencing software Zoom is continuing to fall under scrutiny as questions are raised over its privacy and security practices. The latest issue: a feature that inadvertently reveals strangers' email addresses and profile photos.

Account Takeover

FBI Alleges Russian Man Laundered Cybercriminals' Money

Ishita Chigilli Palli • April 1, 2020

The FBI has arrested a Russian national for allegedly helping an international cybercriminal gang launder its money by turning cash into bitcoin and other cryptocurrencies, according to court documents.

Business Email Compromise (BEC)

Nigerian BEC Scammers Increase Proficiency: Report

Akshaya Asokan • April 1, 2020

Nigerian cybercriminal gangs have become even more proficient in waging business email compromise attacks, according to an analysis from Palo Alto Network's Unit 42 that describes recent trends.

Cyberwarfare / Nation-State Attacks

Election Campaign Security Revisited

Tom Field • April 1, 2020

With the U.S. presidential election now seven months away, how have threats to the campaigns evolved, and what impact might be seen from COVID-19? Brigadier General (retired) Francis X. Taylor, a leader of the U.S. CyberDome election security effort, shares an update.

Breach Notification

Marriott Suffers Another Massive Data Breach

Scott Ferguson • March 31, 2020

Hotel giant Marriott, which in 2018 disclosed that it had suffered one of the worst data breaches in history, is now warning that it suffered a new breach earlier this year that exposed personal details - although not payment card information - for 5.2 million customers.

Cybercrime

Phishing Campaigns Leverage Latest COVID-19 Themes

Scott Ferguson , Apurva Venkat • March 31, 2020

With the U.S. and other nations adopting economic stimulus packages as a result of the global COVID-19 pandemic, fraudsters are now using the promise of government checks as phishing lures to spread banking Trojans, according to a pair of new security research reports.

Cybercrime

FBI Warns of 'Kwampirs' Malware Supply Chain Attacks

Marianne Kolbasuk McGee • March 31, 2020

The FBI has issued an alert reminding the healthcare sector and other industries about the ongoing threat of Kwampir remote access Trojan attacks on the supply chain.

Cybercrime

FBI: Cybercrime Gang Mailing 'BadUSB' Devices to Targets

Mathew J. Schwartz • March 30, 2020

The FBI warns that the notorious FIN7 cybercrime gang has a new trick up its sleeve: Mailing victims a $50 gift card portrayed as good for redeeming items listed on an accompanying USB storage device, which in reality downloads Griffon backdoor software to give attackers remote access.

Audit

Zoom Stops Transferring Data by Default to Facebook

Jeremy Kirk • March 30, 2020

Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. With COVID-19 driving unprecedented levels of remote working, video conferencing software is under the privacy and security microscope.

Endpoint Security

Will 5G Networks Inherit Vulnerabilities in 4G Networks?

Akshaya Asokan • March 30, 2020

If vulnerabilities in 4G cellular networks that can expose them to denial-of-service and other attacks are not addressed, emerging 5G networks could inherit these same issues, the security firm Positive Technologies reports.

Business Continuity Management / Disaster Recovery

Hijacked Routers Steering Users to Malicious COVID-19 Sites

Apurva Venkat • March 27, 2020

Cybercriminals are waging brute-force attacks that enable them to change DNS settings on home and small business routers to redirect victims to fake COVID-19-themed websites that push infostealer malware, according to the security firm Bitdefender.