A screenshot of the Conti gang's darknet site claiming to offer data stolen from Advantech

Conti Ransomware Gang Posts Advantech's Data

Doug Olenick • December 1, 2020

The gang behind the Conti ransomware variant has posted data to its darknet website that it says it stole during a ransomware attack on industrial IoT chipmaker Advantech last month. The company reportedly confirmed the attack on Monday.

Anti-Phishing, DMARC

UK Forms National Cyber Force

Latest

Cybercrime

Researchers Find Updated Variants of Bandook Spyware

Akshaya Asokan • December 1, 2020

Check Point Research has identified new variants of the long-dormant Bandook spyware that are being used for espionage campaigns across the world targeting government, financial, energy, food industry, healthcare, education, IT and legal organizations.

Breach Notification

New Zealand's Refreshed Privacy Act Takes Effect

Jeremy Kirk • December 1, 2020

New Zealand's refreshed Privacy Act, which came into effect Tuesday, introduces breach notification requirements and civil penalties. It also holds data handlers to higher responsibilities to counter new threats to personal data. But the law doesn't impose financial penalties as severe as the EU's GDPR.

Fraud Management & Cybercrime

Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers

Prajeet Nair • December 1, 2020

Trend Micro researchers have uncovered a macOS backdoor variant - designed to bypass security tools - that's linked to an advanced persistent threat group operating from Vietnam.

Fraud Management & Cybercrime

Hackers Using Compromised Websites to Deliver Gootkit, REvil

Akshaya Asokan • December 1, 2020

A hacking campaign in Germany is using compromised websites and social engineering tactics to deliver the Gootkit banking Trojan or REvil ransomware, according to Malwarebytes.

Fraud Management & Cybercrime

Sizing Up Synthetic DNA Hacking Risks

Marianne Kolbasuk McGee • November 30, 2020

Could hackers inject malicious code that compromises the synthetic DNA supply chain and ultimately tricks bioengineers into inadvertently developing dangerous viruses or toxins? A new research report says that's a growing concern and calls for robust security measures.

Critical Infrastructure Security

Fired CISA Director Refutes Election Fraud Allegations

Jeremy Kirk • November 30, 2020

Ex-CISA Director Christopher Krebs revealed in a "60 Minutes" interview what made officials confident that the election results were accurate: paper ballots. Krebs didn't mention President Trump by name, but refuted claims by his administration and personal lawyer, Rudy Giuliani, that the election was fraudulent.

Fraud Management & Cybercrime

'Return to Office' Phishing Emails Aim to Steal Credentials

Prajeet Nair • November 30, 2020

Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office.

Critical Infrastructure Security

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Akshaya Asokan • November 28, 2020

CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days after hackers began publishing what they claim are leaked passwords on underground forums, according to researchers.

Cybercrime

EU Law Enforcement Prevents $47.5 Million in Payment Fraud

Akshaya Asokan • November 27, 2020

Europol, along with the other law enforcement agencies in Europe, prevented payment fraud losses of $47.5 million by targeting fraudsters who were selling stolen card data on darknet websites known as card shops.

Cyberwarfare / Nation-State Attacks

UK Ramps Up Capabilities to Deter Nation-State Hackers

Tony Morbin • November 27, 2020

The U.K. is moving to improve its ability to combat online attacks via the establishment of an information warfare network named @HutEighteen. The move, announced by the Defense Academy of the United Kingdom, follows fresh EU sanctions against nation-state hackers and the U.K. standing up a National Cyber Force.

Cybercrime

Rise of the Bots: Criminal Attacks Grow More Automated

Mathew J. Schwartz • November 27, 2020

Criminals continue to rely on automated bots for phishing attacks, web scraping, credential stuffing and more. But while gangs previously needed to amass large, powerful botnets to be effective, now they need relatively few devices, says Group-IB CTO Dmitry Volkov.

Business Continuity Management / Disaster Recovery

COVID-19 Latest: 'We Are Really Struggling'

Tom Field • November 27, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.