Latest

Endpoint Security

How WastedLocker Evades Anti-Ransomware Tools

Prajeet Nair  •  August 5, 2020

WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos.

Endpoint Security

FBI Warns of Serious Risks Posed by Using Windows 7

Akshaya Asokan  •  August 5, 2020

The FBI is warning organizations that are still using Microsoft Windows 7 they are in danger of attackers exploiting vulnerabilities in the unsupported operating system to gain network access. The agency points to an uptick in such attack attempts.

Governance & Risk Management

Why Flash Player Removal Should Be a Priority

Doug Olenick  •  August 4, 2020

Adobe Flash Player, which has been patched hundreds of times during its lifetime to address vulnerabilities, will no longer be supported after Dec. 31, leaving an attack vector that can be exploited by malicious actors unless it's removed. That's why eliminating all instances of Flash Player is so urgent.

Fraud Management & Cybercrime

Twitter Hack: Suspects Left Easy Trail for Investigators

Doug Olenick  •  August 3, 2020

Suspects in the epic attack against Twitter were uncovered, in part, by the use of their real photo identification for cryptocurrency accounts they used to broker the sale of stolen usernames. The mistakes proved crucial to their identification, according to court documents.

Endpoint Security

Microsoft May Be TikTok's Privacy and Security Lifeline

Jeremy Kirk  •  August 3, 2020

Is Microsoft coming to TikTok's rescue? It appears that's a very strong possibility following President Donald Trump's threat Friday to ban the app in the U.S. Microsoft hasn't committed to buying part of TikTok, but says if it did, it would bring the popular app world-class security and privacy protections.

Fraud Management & Cybercrime

Secret Service Agent Offers Cybercrime-Fighting Insights

Anna Delaney  •  August 3, 2020

Christopher Leone, assistant special agent in charge, United States Secret Service, offers advice to organizations on forging relationships with law enforcement as part of their cybersecurity incident preparedness plans.

Endpoint Security

Boot-Loading Flaw Affects Linux, Windows Devices

Akshaya Asokan  •  July 31, 2020

A vulnerability that can impede the boot-loading process of an operating system could potentially affect billions of Linux and Windows machines, according to Eclypsium. The flaw, called "BootHole," could enable an attacker to gain near total control of an infected device.

Endpoint Security

Analysis: The Hacking of Mobile Banking App Dave

Nick Holland  •  July 31, 2020

The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.

Governance & Risk Management

VPN Vulnerabilities Put Industrial Control Systems at Risk

Prajeet Nair  •  July 30, 2020

Vulnerabilities in some VPNs used to remotely connect to industrial control systems could enable hackers to compromise large-scale industrial organizations, the security firm Claroty reports.

Fraud Management & Cybercrime

8 Tips for Crafting Ransomware Defenses and Responses

Mathew J. Schwartz  •  July 29, 2020

Security experts say that ransomware victims too often treat the malware infection as an isolated event, when they should instead assume that attackers remain in their network until proven otherwise. Here are eight tips for dealing with ransomware and other intrusions and making a full recovery.

Fraud Management & Cybercrime

US, UK Agencies Warn: QNAP NAS Devices Vulnerable

Akshaya Asokan  •  July 28, 2020

U.S. and U.K. cybersecurity agencies issued a joint warning this week that over 62,000 QNAP network-attached storage devices worldwide have been infected with data-stealing malware.

Endpoint Security

Lifespan Health System Hit With $1 Million HIPAA Fine

Marianne Kolbasuk McGee  •  July 27, 2020

Federal regulators have slapped the Rhode Island-based health system Lifespan with a $1 million HIPAA settlement tied to a 2017 data breach involving the theft of an unencrypted laptop that potentially exposed the data of 20,000 individuals. It's the largest HIPAA enforcement action so far this year.