Crypto Exchange Bug Reveals North Korean Monero Laundering

Jeremy Kirk • September 28, 2021

Weaknesses in the systems of ShapeShift, a U.K.-based cryptocurrency exchange, reveal how a North Korean-linked group laundered cryptocurrency that came from the WannaCry 2.0 attack four years ago. The issues undermined some protections in Monero, a cryptocurrency designed to provide a high degree of privacy.

Breach Notification

Massachusetts Attorney General Probing T-Mobile Breach

Latest

3rd Party Risk Management

Ransomware, Vendor Breaches Spike on Federal Tally

Marianne Kolbasuk McGee • September 28, 2021

Hacking incidents - especially those involving ransomware attacks and vendors - continue to rack up some of the largest victim counts in major health data breaches being reported to federal regulators in 2021. Will the trend continue?

Governance & Risk Management

Securing Your Network Through Zero Trust

Suparna Goswami • September 28, 2021

To successfully adopt the "zero trust" model, it is not enough to have good access control, says David Fairman, CSO, APAC at Netskope. He discusses how to secure your network using zero trust, which is especially important when employees are working from anywhere.

3rd Party Risk Management

Russia-Linked Nobelium Deploying New 'FoggyWeb' Malware

Mihir Bagwe • September 28, 2021

The Russia-linked cyberespionage group Nobelium, which was responsible for the SolarWinds supply chain attack, has developed and deployed a new malware, dubbed FoggyWeb, according to a Microsoft Threat Intelligence Center security blog. Microsoft says FoggyWeb creates a backdoor to exfiltrate data.

Application Security

New Malware 'BloodyStealer' Targets Gaming Accounts

Rashmi Ramesh • September 28, 2021

Researchers at cybersecurity firm Kaspersky have discovered an advanced Trojan, dubbed BloodyStealer, stealing gamer accounts and data from platforms such as Steam, Epic Games Stores and EA Origin. They say there is a demand for this type of data among cybercriminals.

3rd Party Risk Management

Former DHS Official to Lead HHS' HIPAA Enforcement Agency

Marianne Kolbasuk McGee • September 27, 2021

The Department of Health and Human Services has named Lisa J. Pino - a former Department of Homeland Security official charged with mitigating the massive 2015 cyberattack on Office of Personnel Management - as the new director of its HIPAA enforcement agency.

Critical Infrastructure Security

Ransomware Patch or Perish: Attackers Exploit ColdFusion

Mathew J. Schwartz • September 27, 2021

For combating ransomware, doing the security basics is essential, including keeping systems updated and patched. Don't follow in the footsteps of one technology firm, which Sophos found got hit by Cring ransomware after attackers exploited ColdFusion software that hadn't been patched in 11 years.

Breach Notification

Ransomware Attack Reportedly Cripples European Call Center

Prajeet Nair • September 25, 2021

GSS, the Spanish and Latin America division of Europe's largest call center provider - Covisian, has informed customers that it has been subjected to a ransomware attack that froze its IT systems and crippled call centers across its Spanish-speaking customer base.

Critical Infrastructure Security

REvil Ransomware Group's Latest Victim: Its Own Affiliates

Mathew J. Schwartz • September 25, 2021

Ransomware-wielding attackers love to lie to victims. But REvil - aka Sodinokibi - has reportedly been running double negotiations to make affiliates think a victim hasn't paid a ransom, using a backdoor in the malware that allows administrators to decrypt victims' systems, so affiliates don't get their cut.

Fraud Management & Cybercrime

Identity Fraud: Moving Beyond Document Verification

Suparna Goswami • September 24, 2021

In order to improve identity verification, it is not enough to only verify documents; a multilayered approach is needed, says Brett Johnson, a former fraudster who is now a cybercrime consultant. He discusses current fraud trends and how fraud is evolving.

Anti-Phishing, DMARC

Lawsuits: Negligence Led to UC San Diego Health Incident

Marianne Kolbasuk McGee • September 24, 2021

Two proposed class action lawsuits filed this week in a California federal court allege negligence and a variety of other claims against UC San Diego Health in the wake of a phishing incident that affected nearly 496,000 individuals.

Application Security

Australia Warns of Critical Vulnerability in Zoho Service

Soumik Ghosh • September 24, 2021

The Australian Cyber Security Center has issued a critical vulnerability alert in a Zoho Corp. password management service that could enable a threat actor to take control of the targeted host. The company has issued a security patch.

Anti-Phishing, DMARC

Researcher Finds Malware Targeting Mac Users via Baidu Ad

Mihir Bagwe • September 24, 2021

Chinese security researcher Pan Xiaopan has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says. The advertisement has now been taken down.