Researchers have tied a group skilled in phishing attacks with running both cybercrime and cyberespionage campaigns.

Hacking Group Seen Mixing Cybercrime and Cyberespionage

Mathew J. Schwartz • June 8, 2023

Hacking group Asylum Ambuscade, which security researchers say aligns with Belarusian government interests, has an "unusual" twist: It appears to be mixing cybercrime - focused on banking and cryptocurrency customers - with cyberespionage, including attacks targeting Ukraine.

Blockchain & Cryptocurrency

Hackers Exploited Zero-Day Bug for 8 Months, Barracuda Warns

Latest

Cloud Security

Cloud Security Trends, Best Practices Everyone Should Know

Tom Field • June 9, 2023

As cloud migration continues across regions and sectors, how are organizations choosing security tools, and how are those tools being operationalized? Which practices are producing the best security outcomes? Explore these cloud security tips from Palo Alto Networks' Ben Nicholson.

3rd Party Risk Management

Mastering Stakeholder Comms: How to Get Buy-In From the Top

Tom Field • June 9, 2023

CISOs need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board, said CyberGRX's Caitlin Gruenberg.

Cryptocurrency Fraud

ISMG Editors: Verizon's DBIR Reveals Surge in BEC Scams

Anna Delaney • June 9, 2023

In the latest weekly update, four ISMG editors discuss highlights from Verizon's 16th annual Data Breach Investigations Report, what's on the mind of CISOs in Malaysia and the Philippines, and how the U.S. SEC sued crypto trading platforms Binance and Coinbase over securities violations.

Cloud Security

Threat Detection for 'DEED' Environments of Enterprises Today

Steve King • June 9, 2023

Martin Roesch, CEO of Netography, discusses the company's platform, which is for dispersed, ephemeral, encrypted and diverse - what he refers to as "DEED" - environments. DEED works with the multi-cloud, hybrid and on-premises, IT and OT environments that modern large enterprises have today.

Fraud Management & Cybercrime

New Entrants to Ransomware Unleash Frankenstein Malware

Mathew J. Schwartz • June 9, 2023

Ransomware hackers are stretching the concept of code reuse to the limit as they confront the specter of diminishing returns for extortionate malware. In their haste to make money, some new players are picking over the discarded remnants of previous ransomware groups.

Fraud Management & Cybercrime

Nova Scotia Health Says 100,000 Affected by MOVEit Hack

Marianne Kolbasuk McGee • June 8, 2023

Hackers stole personal information of up to 100,000 employees of Nova Scotia Health by exploiting the zero-day in Progress Software's MOVEit managed file transfer application. The software is widely used in the healthcare sector, warned the U.S. federal government.

Governance & Risk Management

Blackpoint Gets $190M From Bain Capital to Boost MSP Defense

Michael Novinson • June 8, 2023

Bain Capital led a $190 million investment into a managed detection and response provider founded by a former National Security Agency computer operations expert. The money will support development of Blackpoint's security technology and enable its MSP partners to combat a changing threat landscape.

Blockchain & Cryptocurrency

Cryptohack Roundup: Court Summons for Binance Chief

Rashmi Ramesh • June 8, 2023

This week: A U.S. federal court issued a summons to Binance CEO Changpeng Zhao, Lazarus may be behind the $35 million Atomic Wallet heist, and Manhattan prosecutors seized a scam crypto recovery website. Also, the Blockchain Association weighs in on Tornado Cash, and crypto security attacks decline.

Fraud Management & Cybercrime

Breach Roundup: Barracuda Networks Recalls Hacked Appliances

Anviksha More • June 8, 2023

This week: Barracuda Networks recalls hacked email security appliances, the latest on MOVEit, and a Gigabyte motherboard firmware security vulnerability is exposed. Also, researchers detail a patched flaw in the Microsoft Visual Studio extension installer, and ransomware hits across the globe.

Business Email Compromise (BEC)

US DOJ Indicts 6 for $6M Business Email Compromise Scam

Rashmi Ramesh • June 8, 2023

U.S. federal prosecutors unsealed indictments Wednesday against six Houston-area men for an alleged six-month spree of business email compromise thefts adding up to nearly $6 million. Business email compromise is a mainstay of social engineering fraud.

Cyberwarfare / Nation-State Attacks

Suspected Nation-State Actors Target US Aerospace Industry

Prajeet Nair • June 7, 2023

Suspected nation-state hackers are using malware that researchers say straddles the line between off-the-shelf and advanced tactics in order to target the U.S. aerospace industry. Researchers from Adlumin in May found the malware on a defense contractor's network.

Governance & Risk Management

Dragos Lays Off 9% of Workers as OT Security Spending Slows

Michael Novinson • June 7, 2023

Dragos has axed 50 workers after longer sales cycles and smaller initial deployment sizes caused the industrial cybersecurity vendor to miss its first quarter revenue target. Dragos revealed plans to reduce its staff by 9% to ensure the company can stay independent through an IPO or Series E round.