This illustration shows how the Water Nue BEC scam targets Office 365 credentials. (Source: Trend Micro)

BEC Scam Targets Executives' Office 365 Accounts

Chinmay Rautmare • August 10, 2020

A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.

COVID-19

Twitter Hack: Suspects Left Easy Trail for Investigators

Latest

Application Security

More Microsoft Zero-Day Flaws Being Exploited

Prajeet Nair • August 12, 2020

Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.

Business Continuity Management / Disaster Recovery

Avaddon Ransomware Joins Data-Leaking Club

Mathew J. Schwartz • August 12, 2020

Yet another ransomware-wielding gang has threatened to steal and leak the data of any victims who refuse to pay a ransom: The operators of Avaddon ransomware have created a dedicated data-leak site that already lists a construction firm victim, and the gang continues to recruit new affiliates.

Business Email Compromise (BEC)

Beware: AgentTesla Infostealer Now More Powerful

Akshaya Asokan • August 12, 2020

The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.

Business Email Compromise (BEC)

BEC Scam Costs Trading Firm Virtu Financial $6.9 Million

Doug Olenick • August 11, 2020

High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.

3rd Party Risk Management

Snapdragon Chip Flaws Could Facilitate Mass Android Spying

Mathew J. Schwartz • August 11, 2020

Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.

Fraud Management & Cybercrime

Using DNS Data for Cybercrime Intelligence

Jeremy Kirk • August 11, 2020

The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.

Account Takeover

Fighting Fraud: Understanding Threat Actors' Techniques

Suparna Goswami • August 11, 2020

The fight against fraud requires more than using the right technologies; it requires understanding threat actors' techniques, says Robert Villanueva of Q6 Cyber.

Account Takeover

How Was Reddit Defaced?

Jeremy Kirk • August 10, 2020

Reddit had a very "Make America Great Again" weekend, as more than 70 subreddits were temporarily hijacked and used to post "MAGA" messages in support of U.S. President Donald Trump. Attackers claim they used social engineering and password stuffing to compromise the accounts.

Cyberwarfare / Nation-State Attacks

The Debate Over Trump 'Ban' of TikTok, WeChat

Doug Olenick • August 7, 2020

President Donald Trump's executive order banning the Chinese-owned TikTok and WeChat apps could prove to be unenforceable, some privacy and security specialists say. But some Republican lawmakers hailed the move, citing the national security risks posed by the apps.

Application Security

Managing API Security

Suparna Goswami • August 7, 2020

Because APIs are an attractive target for hackers, organizations need to make API security a higher priority, says Aseem Ahmed of Akamai Technologies.

Cyberwarfare / Nation-State Attacks

Trump Signs Executive Orders Banning TikTok, WeChat

Prajeet Nair • August 7, 2020

President Donald Trump, citing national security concerns, has signed two executive orders that will ban the Chinese-owned social media platforms TikTok and WeChat from the U.S. within 45 days. The orders appear designed to accelerate the sale of the two platforms to American firms.

Anti-Money Laundering (AML)

Using Machine Learning to Fight Money Laundering

Suparna Goswami • August 7, 2020

Machine learning can play a significant role in mitigating money laundering risks, says Andy Gandhi, managing director, data risk and compliance at the consultancy Alvarez and Marsal.