Latest

Cybercrime

Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets

Soumik Ghosh  •  December 1, 2021

A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.

Application Security

Hackers Abuse Remote Access Tools to Steal Crypto Data

Prajeet Nair  •  December 1, 2021

Unidentified threat actors are using fake cryptocurrency-related websites to distribute the SpyAgent malware, which abuses legitimate remote access tools. They have targeted a legitimate Russian remote access tool called Safib Assistant, Trend Micro researchers note.

Business Continuity Management / Disaster Recovery

FBI Seizes Bitcoins From Alleged REvil Ransomware Affiliate

Mathew J. Schwartz  •  December 1, 2021

The FBI has seized 39.9 bitcoins worth $2.3 million from an alleged affiliate of the notorious REvil - aka Sodinokibi - ransomware group. A forfeiture notice filed by the government accuses Russian national Aleksandr Sikerin of having amassed the cryptocurrency via victims' ransom payments.

Electronic Healthcare Records

HHS Slaps 5 More Entities in HIPAA 'Right of Access' Disputes

Marianne Kolbasuk McGee  •  December 1, 2021

The Department of Health and Human Services has revealed its taken enforcement actions against five more healthcare providers in cases involving alleged failure to comply with the HIPAA Privacy Rule right of access provision. One includes a rare civil monetary penalty, which was levied against a physician.

►

Access Management

The ROI of Shift-Left Automated Testing

Information Security Media Group  •  December 1, 2021

Forrester evaluates the benefits of automated testing for the mainframe.

►

Access Management

The Evolution of Privileged User Monitoring for Mainframes

Information Security Media Group  •  December 1, 2021

Learn how the latest advances in privileged user monitoring can close windows of opportunity for attackers and keep business-critical data safe from credential theft, lateral attack movement, ransomware, and other threats.

►

Cyberwarfare / Nation-State Attacks

How to Stop a Potential Ransomware Attack Before it Happens

Information Security Media Group  •  December 1, 2021

In this on-demand webinar, you’ll learn how you can get out in front of the ransomware threat to stop hackers from locking down your data in the first place.

Breach Notification

DNA Test Firm: 2.1 Million Affected by Legacy Database Hack

Marianne Kolbasuk McGee  •  November 30, 2021

An Ohio-based DNA testing company reported to regulators that the information of more than 2.1 million individuals contained in a legacy database was accessed and acquired in a hacking incident detected in August. The archived database contained personal information collected more than a decade ago.

Application Security

Report: No Patch for Microsoft Privilege Escalation Zero-Day

Prajeet Nair  •  November 30, 2021

A Microsoft zero-day vulnerability has not been fixed by the technology giant despite having been reported months ago, according to a security researcher. To protect users, a micropatching service, 0patch, has issued unofficial, free patches.

►

Fraud Management & Cybercrime

Why Today's Security Rhetoric is Harmful and Must Change

Anna Delaney  •  November 30, 2021

In her latest book, "Rhetoric of InSecurity: The Language of Danger, Fear and Safety in National and International Contexts," academic Victoria Baines questions the imagery and rhetoric we use to communicate safety and security issues, and details their unwelcome impact on the workforce.

3rd Party Risk Management

FDA Playbook Aims to Bolster Medical Device Threat Modeling

Marianne Kolbasuk McGee  •  November 30, 2021

A new playbook, commissioned by the Food and Drug Administration, aims to help medical device manufacturers in developing and evolving threat modeling as an approach to strengthening the cybersecurity and safety of their products.

►

3rd Party Risk Management

Forrester Predictions: Rethinking Supply Chain Management

Anna Delaney  •  November 30, 2021

Forrester's Sandy Carielli and Jeff Pollard discuss their latest research, Predictions 2022: Cybersecurity, Risk and Privacy, which highlights the need for gaps in third-party relationships, collaboration and trust to be addressed.