Example of a malicious message, written in German, that contains a malicious attachment sent through a collaboration platform channel (Source: Cisco Talos)

Fraudsters Flooding Collaboration Tools With Malware

Prajeet Nair • April 9, 2021

The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.

Governance & Risk Management

533 Million Facebook Account Records Posted to Forum

Latest

Account Takeover Fraud

Visa Describes New Skimming Attack Tactics

Doug Olenick • April 9, 2021

Visa's Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over a retailers' servers during payment card skimming attacks.

Endpoint Security

Weekly Roundup: Biden’s Cybersecurity Proposals and More

Anna Delaney • April 9, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including President Biden’s latest cybersecurity proposals and large vendor-related breaches in healthcare.

Cyberwarfare / Nation-State Attacks

Lazarus Group Targets Freight Logistics Firm

Akshaya Asokan • April 9, 2021

The Lazarus Group, a North Korean-linked APT group, has recently deployed a previously undocumented backdoor called "Vyveva" to target a freight logistics company in South Africa, according to ESET.

Cybercrime

Crisis Communications: How to Handle Breach Response

Anna Delaney • April 9, 2021

The latest edition of the ISMG Security Report features an analysis of why transparent communication in the aftermath of a data breach pays off. Also featured: Mastercard on digital identity issues; building a more diverse and inclusive cybersecurity workforce.

Cryptocurrency Fraud

600,000 Payment Cards Stolen From Swarmshop Darknet Market

Doug Olenick • April 8, 2021

For the second time in two years, the contents of the darknet payment card marketplace Swarmshop have been removed and posted to a competing underground forum, Group-IB reports. The content includes data on more than 600,000 payment cards as well as administrator, seller and buyer information.

Cybercrime

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Doug Olenick • April 8, 2021

Researchers at the security firm Intel 471 report cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated, hard-to-discover, malicious documents that can be deployed in phishing attacks.

Business Continuity Management / Disaster Recovery

Ransomware Gang Exploits Old Fortinet VPN Flaw

Akshaya Asokan • April 8, 2021

The gang behind ransomware dubbed "Cring," which has waged a series of attacks this year, is exploiting a Fortinet VPN server vulnerability that the company patched in 2019, according to a report from the security firm Kaspersky that analyzes one attack in Europe.

Governance & Risk Management

Rockwell Automation Fixes 9 Flaws in FactoryTalk AssetCentre

Prajeet Nair • April 8, 2021

Researchers have uncovered nine critical vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre product, which, if exploited, potentially could enable attackers to control an OT network. An updated version of the product mitigates the flaws.

Cybercrime

In Wake of Breaches, Accellion Faces at Least 14 Lawsuits

Marianne Kolbasuk McGee • April 7, 2021

At least 14 lawsuits seeking class-action status have been filed against Accellion in the wake of breaches of the vendor's 20-year-old File Transfer Appliance. A motion to consolidate the cases has also been filed.

Fraud Management & Cybercrime

Attackers Target Unpatched SAP Applications

Akshaya Asokan • April 7, 2021

Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.

Card Not Present Fraud

Stolen Cards, Reportedly From Cardpool.com, Sold on Darknet

Akshaya Asokan • April 6, 2021

A Russian-speaking cybercriminal recently sold on a darknet forum thousands of stolen payment and gift cards that researchers at Gemini Advisory believe were taken from the now-defunct online gift card exchange Cardpool.com.

Breach Notification

Capital One Warns of More Data Leaked in 2019 Breach

Prajeet Nair • April 5, 2021

Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.