Latest

Business Email Compromise (BEC)

FBI: Covid-19-Themed BEC Scams Are on the Rise

Ishita Chigilli Palli  •  April 7, 2020

Fraudsters are taking advantage of the uncertainty over the global COVID-19 pandemic to ramp-up business email compromise scams designed to steal money, the FBI and security researchers warn.

Business Continuity Management / Disaster Recovery

No COVID-19 Respite: Ransomware Keeps Pummeling Healthcare

Mathew J. Schwartz  •  April 7, 2020

As the COVID-19 outbreak has intensified, so too has cybercrime, including ransomware, Interpol, the international crime-fighting agency, warns. Despite some gangs claiming to no longer be targeting healthcare organizations, experts have seen "no abatement, empathy or free decryptor" from any of them.

Application Security

Researchers Propose COVID-19 Tracking App

Ishita Chigilli Palli  •  April 7, 2020

Researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.

Cybercrime

Hackers Target Chinese Government Agencies Via VPNs: Report

Apurva Venkat  •  April 7, 2020

Hackers are targeting Chinese government agencies and their employees by taking advantage of zero-day vulnerabilities in VPN servers to plant backdoors and other malware, researchers at the Chinese security firm Qihoo 360 report.

Endpoint Security

Researcher Finds Flaws in HP's Software Assistant Tool

Jeremy Kirk  •  April 6, 2020

A security researcher found 10 flaws within HP's Software Assistant Tool, which is installed across HP's desktop and laptop computers. Bill Demirkapi, who found the flaws, says the software is risky because only seven of the flaws have been patched by HP.

►

Fraud Management & Cybercrime

Update: E-Commerce Fraud Trends

Nick Holland  •  April 6, 2020

E-commerce fraud schemes continue to grow and evolve, says Angie White of TransUnion, who discusses the results of new research on the subject.

►

Big Data Security Analytics

Achieving True Predictive Security Analytics

Varun Haran  •  April 6, 2020

True predictive analysis is difficult - and it sometimes takes years of learning and data modeling to get it right, says Derek Manky, chief of security insights and global threat alliances at Fortiguard Labs.

Endpoint Security

NIST Specialist Offers Telework Security Insights

Scott Ferguson  •  April 6, 2020

With the COVID-19 pandemic forcing large portions of the workforce to shift to telework, CISOs need to rethink corporate policies on the use of video conferencing platforms and other communications tools, says NIST's Jeff Greene, who offers risk mitigation advice.

Anti-Phishing, DMARC

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Akshaya Asokan  •  April 4, 2020

A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using World Health Organization images as a lure.

►

Business Continuity Management / Disaster Recovery

COVID-19 Response: The Re-Evaluation Phase

Tom Field  •  April 3, 2020

As April begins, enterprises are starting to re-evaluate their COVID-19 response plans, says crisis management expert Regina Phelps. What are the other pandemic response planning phases we can expect to see as infections spread and quarantines continue?

Cybercrime

Magecart Group Hits Small Businesses With Updated Skimmer

Ishita Chigilli Palli  •  April 3, 2020

A Magecart group has been using a new skimmer technique to target the online checkout sites of smaller businesses in order to steal credit card data, according to RiskIQ researchers, who have spotted 19 of these malicious JavaScript attacks so far.

Cybercrime

Botnet Targets Devices Running Microsoft SQL Server: Report

Apurva Venkat  •  April 3, 2020

Researchers at security firm Guardicore Labs are tracking a botnet they call Vollgar that's targeting devices running vulnerable Microsoft SQL Server databases with brute-force attacks and planting cryptominers in the infected databases.