An emerging cyber espionage group that apparently started its work in South Africa last year is now focusing on targeting critical control systems for oil and gas companies in the Middle East, according to researchers at two cybersecurity firms.
The latest edition of the ISMG Security Report offers an analysis of how French cyber police disrupted a cryptomining malware gang. Also featured: Apple's botched patching of a jailbreaking vulnerability; an industry veteran's insights on battling payment card fraud.
A new variant of the TrickBot banking Trojan is enabling attackers to conduct SIM swapping schemes against Verizon Wireless, Sprint and T-Mobile customers in the U.S., potentially paving the way for account takeover fraud, according to a report from Dell's SecureWorks division.
A federal grand jury indictment of Seattle software engineer Paige A. Thompson charges her with stealing 100 million records from Capital One, stealing data from at least 29 other organizations, as well as using hacked cloud computing servers to mine for cryptocurrency.
The United States' June cyberattack against Iran wiped out a critical database used by the nation's paramilitary arm to plan attacks against oil tankers and at least temporarily degraded Iran's ability to covertly target Persian Gulf shipping traffic, the New York Times reports.
French police say they've disrupted the operations of the Retadup malware gang by subverting attackers' command-and-control infrastructure to delete the malicious code from 850,000 infected PCs and servers worldwide. The move came after police received a tip and technical assistance from security firm Avast.
The list of victims affected by the American Medical Collection Agency data breach continues to grow, with four more organizations recently identified. Meanwhile, other significant data breach reports have emerged from Presbyterian Healthcare Services in New Mexico and Massachusetts General Hospital.
Within a month, the U.S. Department of Homeland Security hopes to launch a program to help states protect voter registration databases and systems in advance of the 2020 presidential election. Security experts say that in light of recent ransomware attacks against units of government, the effort is overdue.
With new threats targeting the nation's critical infrastructure, partnerships among government and private-sector security professionals are more critical than ever, says Brian Harrell of the new U.S. Cybersecurity and Infrastructure Security Agency.
The payment card industry needs to do more to tackle the rising problem of fraud, says information security expert William H. Murray, pointing to the new Apple Card - which lacks the card number printed on it - as an example of how the industry must evolve. But numerous cultural challenges remain, he says.
Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May.