Latest

Blockchain & Cryptocurrency

Post-Election Cyber Disruptions: What to Expect

Anna Delaney  •  October 30, 2020

The latest edition of the ISMG Security Report features a discussion with FBI Agent Elvis Chan on the cyber disruptions to expect immediately after the Nov. 3 U.S. election. Also featured: smart lock security flaws; cryptocurrency-funded crimes in 2021.

Electronic Healthcare Records

HHS Delays Data Sharing Regulation Deadlines

Marianne Kolbasuk McGee  •  October 29, 2020

Citing the stretched health IT resources and heavy workloads healthcare organizations face as a result of the COVID-19 pandemic, federal regulators are delaying compliance deadlines for information blocking and health IT interoperability regulations.

Business Email Compromise (BEC)

Phishing Scam Costs Wisconsin GOP $2.3 Million

Doug Olenick  •  October 29, 2020

The Republican Party of Wisconsin says fraudsters used phishing emails and doctored invoices to steal $2.3 million earmarked for President Donald Trump's reelection campaign. The FBI is investigating.

Governance & Risk Management

100,000 Windows Devices Still Exposed to SMBGhost Flaw

Doug Olenick  •  October 29, 2020

Almost eight months after Microsoft warned of a critical vulnerability in Windows called SMBGhost, more than 100,000 unpatched devices remain vulnerable, according to security researchers. The COVID-19 pandemic and ensuing rush to move workers into home offices may have led to delays in applying the fix.

Cybercrime

Ryuk Ransomware Delivered Using Malware-as-a-Service Tool

Prajeet Nair  •  October 28, 2020

The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than botnets such as Trickbot and Emotet, the security firm Sophos reports.

Encryption & Key Management

Analysis: The Security of 5G Devices, Networks

Doug Olenick  •  October 28, 2020

So far, much of the discussion about 5G security has focused on avoiding the use of technology from Chinese manufacturers, including Huawei and ZTE. But security experts are increasingly concerned that 5G network and device providers rushing products to market aren't devoting enough attention to security.

►

Critical Infrastructure Security

FBI on Election: 'There's Going to be a Lot of Noise'

Tom Field  •  October 28, 2020

FBI agent Elvis Chan has dedicated the past four years to ensuring U.S. election security. With the Nov. 3 election less than a week away, he opens up on concerns about Russian, Chinese and Iranian interference and threats he'll be watching before and after the vote.

►

COVID-19

CISOs' Pandemic Challenge: More Disruption, Less Budget

Mathew J. Schwartz  •  October 28, 2020

The imperative for CISOs during the COVID-19 pandemic is to do more with less. While disruptive attacks - as well as privacy concerns - keep rising, budgets are down. As organizations rapidly adopt new technologies, however, EY's Kris Lovejoy says CISOs must seize the opportunity to streamline.

Endpoint Security

New Online Platform Coordinates IoT Bug Reports

Jeremy Kirk  •  October 27, 2020

A new online platform called VulnerableThings.com is aiming to become the go-to place for reporting and viewing reports on software flaws in IoT devices. The IoT Security Foundation and Oxford Information Labs say the platform could help vendors comply with new IoT regulations and standards.

Cybercrime

Even in Test Mode, New Mirai Variant Infecting IoT Devices

Doug Olenick  •  October 26, 2020

A greatly enhanced variant of the powerful Mirai botnet is already infecting IoT devices even though it's operating in a test environment, according to researchers at cybersecurity firm Avira Protection Lab.

Blockchain & Cryptocurrency

KashmirBlack Botnet Targets Content Management Systems

Prajeet Nair  •  October 26, 2020

Security researchers at Imperva have uncovered a botnet that attacks vulnerabilities in websites' underlying content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims.

►

Blockchain & Cryptocurrency

Police Battle Criminal Abuse of Cryptocurrency, Encryption

Mathew J. Schwartz  •  October 26, 2020

"Cybercrime is an evolution, not a revolution," says Europol's Philipp Amann, who oversees the EU law enforcement intelligence agency's annual study of the latest cyber-enabled crime trends. Ransomware, social engineering and the criminal abuse of cryptocurrency and encryption are some of the top threats.