MakerBot's Replicator, a 3D printer.

Thingiverse Breach: 50,000 3D Printers Could Have Been Hijacked

Jeremy Kirk • October 18, 2021

A former employee of MakerBot says a data breach affecting that company's Thingiverse 3D printing repository website is far more expansive than what the company is acknowledging. Upwards of two million users may be affected, and 3D printers could have been hijacked.

Cybercrime

Ransomware: No Decline in Victims Posted to Data Leak Sites

Profiles in Leadership: Dr. Frances Undelikwo, Fidelity Bank

3rd Party Risk Management

Nobelium Makes Russia Leader in Cyberattacks

Latest

Anti-Money Laundering (AML)

Treasury Dept. to Crypto Companies: Comply with Sanctions

Dan Gunderman • October 16, 2021

The U.S. Department of the Treasury unveiled additional steps to curb the illicit use of cryptocurrencies on Friday, warning enterprises not to engage with sanctioned entities exploiting the financial system - particularly to launder ransomware proceeds.

Cybercrime

MirrorBlast Campaign Targets Finance Sector Using Macros

Prajeet Nair • October 16, 2021

Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by a Russia-based threat group TA505, targeting financial services organizations. The campaign delivers MirrorBlast via a phishing email that contains malicious links.

Business Continuity Management / Disaster Recovery

US Agencies to Water Facilities: You May Be Next Target

Dan Gunderman • October 15, 2021

U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities. They cite "ongoing malicious cyber activity - by both known and unknown actors - targeting the IT and OT technology networks, systems and devices" of U.S. water and wastewater systems.

Business Continuity Management / Disaster Recovery

Ransomware Attack on Israeli Medical Center Raises Alarm

Marianne Kolbasuk McGee • October 15, 2021

Government authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera. The hospital said it is "using alternative systems" to care for its patients.

3rd Party Risk Management

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Anna Delaney • October 15, 2021

In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.

Account Takeover Fraud

Teenage Cybercrime: Giving Young Hackers A Second Chance

Anna Delaney • October 15, 2021

The latest edition of the ISMG Security Report features an analysis of attempts made by European law enforcement to encourage young cybercriminals to channel their skills in more ethical ways. Also featured: Fraud detection and response; inspiring behavioral change.

Fraud Management & Cybercrime

House Lawmakers Announce Bill Targeting Tech Algorithms

Dan Gunderman • October 14, 2021

Democratic lawmakers on the House Committee on Energy and Commerce announced legislation that would rein in tech algorithms on platforms exceeding 5 million monthly viewers. This follows a high-profile whistleblower case heard before Congress on Facebook's allegedly questionable data policies.

Application Security

Flaws In GitHub Actions Bypass Code Review Mechanism

Prajeet Nair • October 14, 2021

Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.

Breach Notification

Thingiverse Data Leak Affects 228,000 Subscribers

Mihir Bagwe • October 14, 2021

Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information.

3rd Party Risk Management

US Convenes Global Ransomware Summit Without Russia

Dan Gunderman • October 13, 2021

The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations. This gathering aims to elevate both law enforcement collaboration and diplomatic efforts. Noticeably absent from the summit: Russia.

DDoS Protection

Dutch Cyber Cops Tell Stresser/Booter Customers: Cut It Out

Mathew J. Schwartz • October 13, 2021

Dutch cybercrime police have a message for almost 30 users of an on-demand distributed denial-of-service site: We see what you're doing; now cut it out or we're going to arrest you. And not for the first time, the move shows police in Europe emphasizing ethical hacking pursuits instead for young adults.

Anti-Money Laundering (AML)

3 Men Charged by US DOJ With Laundering BEC Proceeds

Mihir Bagwe • October 13, 2021

The U.S. Attorney's Office for the Eastern District of Virginia last week indicted three men - including an ex-employee of Bank of America and TD Bank - with money laundering and aggravated identity theft after the men allegedly conducted an extensive business email compromise scheme.