Brexit: The Impact on Privacy and National Security

Anna Delaney • January 20, 2021

Regulatory experts Jonathan Armstrong and Thom Langford analyze the impact of Brexit on the U.K.'s data privacy and national security in an in-depth interview.

3rd Party Risk Management

Free Auditing Tool Helps Detect SolarWinds Hackers' Malware

3rd Party Risk Management

'Raindrop' Is Latest Malware Tied to SolarWinds Hack

Breach Notification

Privacy Fines: Total GDPR Sanctions Reach $331 Million

COVID-19 Vaccine Documents, Personal Data Leaked

Latest

Cyberwarfare / Nation-State Attacks

Malwarebytes CEO: Firm Targeted by SolarWinds Hackers

Prajeet Nair • January 20, 2021

The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."

COVID-19

COVID-19 First Anniversary: It's About Vaccines & Variants

Tom Field • January 20, 2021

As the U.S. marks its first anniversary of fighting COVID-19, pandemic expert Regina Phelps says the next several, critical weeks come down to two vital words: vaccines and variants. "Those are going to determine our destiny for the long and foreseeable future," she says.

Cybercrime

'FreakOut' Botnet Targets Unpatched Linux Systems

Prajeet Nair • January 20, 2021

Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.

Governance & Risk Management

Microsoft Taking Additional Steps to Address Zerologon Flaw

Prajeet Nair • January 19, 2021

Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.

Breach Notification

OpenWRT Project Community Investigating Data Breach

Prajeet Nair • January 19, 2021

OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.

Endpoint Security

Police Arrest Suspect in Pelosi Laptop Theft

Jeremy Kirk • January 19, 2021

Police have arrested Riley June Williams of Pennsylvania, who a tipster alleges stole a laptop or hard drive belonging to House Speaker Nancy Pelosi. But is the tipsters claim that she had planned to pass the device to a friend in Russia credible?

Cyberwarfare / Nation-State Attacks

FBI: Disinformation Campaigns Seek to Exploit Capitol Siege

Mathew J. Schwartz • January 18, 2021

The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.

Business Email Compromise (BEC)

COVID-19 Vaccine Themes Persist in Fraud Schemes

Prajeet Nair • January 18, 2021

Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.

Breach Notification

NZ Reserve Bank Governor Says He 'Owns' Breach

Jeremy Kirk • January 18, 2021

The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.

Card Not Present Fraud

Joker's Stash Reportedly Shutting Down Operations

Akshaya Asokan • January 16, 2021

Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming he will "retire" at that time, according to Gemini Advisory. Researchers say fraudsters will quickly move to other sites.

Cybercrime

Hacker Blows Chance at Early Release by Hacking More

Doug Olenick • January 16, 2021

The U.S. Justice Department has charged Ardit Ferizi, a Kosovo citizen, with fraud and identity theft, accusing him of continuing to commit cybercrimes while he was behind bars serving a 20-year prison sentence for aiding Islamic terrorist groups.

Cybercrime as-a-service

Magecart Groups Hide Behind 'Bulletproof' Hosting Service

Prajeet Nair • January 16, 2021

Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers at RiskIQ. The hosting service is notorious for catering to cybercriminals and hackers.