President Joe Biden (Photo: Wikipedia)

US Sanctions Russia Over SolarWinds Attack, Election Meddling

Scott Ferguson • April 15, 2021

The Biden administration has formally sanctioned Russia over the cyber operation that targeted SolarWinds and its customers as well as the disinformation campaign against the 2020 U.S. elections. The NSA and other agencies also attributed the SolarWinds attack to Russia's Foreign Intelligence Service, or SVR.

►

Application Security

Stolen Cards, Reportedly From Cardpool.com, Sold on Darknet

Latest

Biometrics

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Tom Field • April 16, 2021

No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply-chain attack, and to play Buzzword Mystery Date with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?

3rd Party Risk Management

Does FBI Exchange Remediation Action Set a Precedent?

Anna Delaney • April 16, 2021

The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.

Cryptocurrency Fraud

Lazarus E-Commerce Attackers Also Targeted Cryptocurrency

Mathew J. Schwartz • April 15, 2021

Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.

Advanced SOC Operations / CSOC

SOC Automation: The Road Ahead

Suparna Goswami • April 14, 2021

To ensure adequate protection against emerging threat, organizations should automate more functions within their SOCs, says Huzefa Motiwala, director, system engineering, India and SARRC at Palo Alto Networks.

Endpoint Protection Platforms (EPP)

Developing an Effective Incident Response Plan

Suparna Goswami • April 14, 2021

An incidence response plan is worthless unless it's customized to meet an organization's needs and tested on a regular basis, says Mark Goudie, regional director services, APJ, at CrowdStrike.

Governance & Risk Management

FBI Removing Web Shells From Infected Exchange Servers

Jeremy Kirk • April 14, 2021

In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.

Fraud Management & Cybercrime

Defining Synthetic ID Fraud: How It Helps With Mitigation

Suparna Goswami • April 14, 2021

Now that the Federal Reserve has issued a definition for synthetic ID fraud, fraud-fighting efforts likely will improve because it will be easier to identify red flags, some security experts say.

Endpoint Security

State of the Marketplace: A Conversation With Dave DeWalt

Tom Field • April 14, 2021

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.

Business Email Compromise (BEC)

How Fraudsters Nearly Stole $17.5 Million via PPE Fraud

Mathew J. Schwartz • April 14, 2021

Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.

Application Security

Microsoft Patches 4 Additional Exchange Flaws

Doug Olenick • April 13, 2021

Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.

Cybercrime

Initial Access Brokers: Credential Glut Weakening Prices?

Mathew J. Schwartz • April 13, 2021

Initial access brokers continue to ply their trade, selling immediate access to hacked sites to make it easier for gangs to steal data and crypto-lock systems. But researchers say an overabundant supply of access credentials appears to be driving down the prices being commanded on cybercrime forums and markets.

DDoS Protection

Millions of Devices Potentially Vulnerable to DNS Flaws

Doug Olenick • April 13, 2021

Forescout Research Labs and the Israeli security firm JSOF have found nine Domain Name System vulnerabilities affecting four TCP/IP stacks that, if exploited, could lead to remote code execution or denial-of-service attacks - potentially on millions of devices.