Image: Shutterstock

US Charges Bulgarian Woman in $4B OneCoin Fraud Case

Rashmi Ramesh • March 21, 2023

A Bulgarian woman extradited to the United States for her role in a $4 billion crypto pyramid scheme adds to a growing list of law enforcement actions against perpetrators of the OneCoin Ponzi scheme. OneCoin generated $4 billion in fraudulent revenue and earned profits of close to $3 billion.

►

Governance & Risk Management

Darknet Markets Thrive Despite Repeat Disruptions by Police

Latest

Governance & Risk Management

Hackers Are Actively Exploiting Unpatched Adobe ColdFusion

Mathew J. Schwartz • March 22, 2023

Hackers have been actively exploiting vulnerabilities in ColdFusion to remotely compromise servers, Adobe warns. Since at least early January, attackers have been dropping webshells via ColdFusion, but it's unclear if only now-known vulnerabilities are being exploited, security researchers say.

Cloud Security

US FTC Seeks Information on Cloud Provider Cybersecurity

David Perera • March 22, 2023

The U.S. Federal Trade Commission is asking for public comment on cloud computing provider business and security practices. The top three providers - AWS, Microsoft Azure and Google Cloud - account for approximately two-thirds of worldwide cloud spending, which reached nearly $250 billion in 2022.

Endpoint Security

Google Suspends Chinese App Following Malware Discovery

Jayant Chakravarti • March 21, 2023

Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. Chinese security researchers say they found code designed to monitor users inside Pinduoduo versions.

Governance & Risk Management

Forrester Report: Zero Trust Adoption in Europe Is High

Anna Delaney • March 21, 2023

Forrester recently published a report that shows over two-thirds of European security decision-makers have begun to develop a zero trust strategy, and public sector organizations are leading the way. Forrester's Tope Olufon shares the cultural and regulatory roadblocks to zero trust.

Blockchain & Cryptocurrency

Hacker Exploits Months-Old Bug to Steal Crypto From ATMs

Rashmi Ramesh • March 20, 2023

Bitcoin ATM manufacturer General Bytes suspended its cloud services supporting more than 15,000 machines after a hacker exploited a vulnerability in its software to steal user passwords and private keys and made off with cryptocurrency worth millions of dollars.

Cybercrime

How Russia's Ukraine War Disrupted the Cybercrime Ecosystem

Mathew J. Schwartz • March 20, 2023

Russia's invasion of Ukraine in 2022 threw Russia's cybercrime ecosystem into a state of upheaval that still exists to this day. "We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.

Incident & Breach Response

How Innovative Security Tools Cut Video Piracy by 85%

Suparna Goswami • March 20, 2023

Video piracy is a major concern for security teams in the media industry. Commander Praveen Kumar, global CISO of media conglomerate Zee Entertainment and winner of ISMG's Dynamic CISO Excellence Award for ROI Champion, shares his secret for reducing piracy by 85%.

Incident & Breach Response

Finding the Right Strategy for Building Cybersecurity Skills

Suparna Goswami • March 20, 2023

ISMG presented the 2023 Dynamic CISO Award to Vaibhav Tole, director of global cybersecurity at Cyient, who developed skills internally and created a team to handle incident response in-house. ISMG caught up with Tole at the conference to understand how he is doing more with less these days.

Account Takeover Fraud

Fresh Vishing Campaign Targeting South Korean Users

Prajeet Nair • March 20, 2023

Criminal hackers are targeting South Koreans with an Android Trojan that dupes victims into handing over payment card data by faking phone conversations with lenders. Developers are using "several unique evasions that we had not previously seen in the wild," Check Point researchers write.

Breach Notification

FBI Says It Arrested BreachForums Mastermind 'Pompompurin'

Prajeet Nair • March 18, 2023

Federal agents arrested the alleged administrator of the criminal underground forum BreachForums, tracing him to a small town in New York's Hudson Valley. FBI agents say Conor Brian Fitzpatrick, a resident of Peekskill, confessed to being "Pompompurin."

Governance & Risk Management

European Digital Identity Bill Heads to Final Negotiations

Akshaya Asokan • March 17, 2023

The European Parliament on Thursday approved legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.

Network Firewalls, Network Access Control

Chinese Hackers Targeting Security and Network Appliances

Prajeet Nair • March 17, 2023

Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Mandiant researchers say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes.