Latest

►

Business Continuity Management / Disaster Recovery

COVID-19 Latest: 'We Are Really Struggling'

Tom Field  •  November 27, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.

Business Continuity Management / Disaster Recovery

Hot Cybercrime Trend: Enterprise-Scale Ransomware Hits

Anna Delaney  •  November 27, 2020

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favour of ransomware attacks. Also featured: Defending against deepfakes; supporting a dispersed workforce.

Device Identification

Gone in 120 Seconds: Flaws Enable Theft of Tesla Model X

Jeremy Kirk  •  November 26, 2020

Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X. The electric vehicle manufacturer is issuing over-the-air updates to fix the flaws, which allegedly center on a failure to validate firmware updates and a faulty Bluetooth pairing protocol.

Business Continuity Management / Disaster Recovery

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Prajeet Nair  •  November 25, 2020

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.

Governance & Risk Management

Hackers Exploit MobileIron Flaw

Akshaya Asokan  •  November 25, 2020

The U.K. National Cyber Security Center is warning that nation-state hackers and cybercriminals are exploiting a remote vulnerability in MobileIron's mobile device management tool to target organizations in the country.

Governance & Risk Management

Linux Botnet Disguises Itself as Apache Server

Prajeet Nair  •  November 25, 2020

The latest Linux version of the Stantinko botnet is designed to disguise the malware as an Apache server to help better avoid security tools and remain hidden, according to Intezer Labs.

Cybercrime

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Doug Olenick  •  November 24, 2020

The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.

Breach Notification

Manchester United Investigating Cybersecurity Incident

Prajeet Nair  •  November 23, 2020

The Manchester United football club of the U.K.'s Premier League is investigating a cybersecurity incident that has affected some of the organization's IT infrastructure, although it says it appears that fan and user data has not been exposed.

Business Continuity Management / Disaster Recovery

From St. Louis to France, Ransomware Victim List Expands

Mathew J. Schwartz  •  November 23, 2020

Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system. A ransomware hit against hosting giant Managed.com has resulted in ongoing site outages for numerous others.

Account Takeover Fraud

Florida Man Gets 3-Year Prison Term for Account Takeover Scam

Chinmay Rautmare  •  November 21, 2020

A Florida man has been sentenced to 37 months in prison after pleading guilty to a federal laundering money charge stemming from a $9 million business account takeover scheme, according to the Justice Department.

Cybercrime

Fraudsters Use Free Google Services in Phishing Campaigns

Prajeet Nair  •  November 20, 2020

Fraudsters are increasingly using free Google services to create more realistic phishing emails and malicious domains that circumvent security filters, the security firm Armorblox reports.

Cloud Security

AWS Flaw Allows Attackers to Find Users' Access Codes

Chinmay Rautmare  •  November 20, 2020

A recently uncovered vulnerability in a class of Amazon Web Service APIs can be exploited to leak AWS identity and access management user and arbitrary accounts, according to Palo Alto Networks' Unit 42.