Protecting Urban Cooperative Banks From Cyber Threats

Geetha Nandikotkur • November 26, 2020

India's urban cooperative banks need to take a holistic approach to build a security governance structure, opt for an ASP services model and map their business-critical risks to comply with the RBI's security posture guidelines, according to a panel of experts.

Device Identification

The Dark Side of AI: Previewing Criminal Uses

Latest

Cybercrime as-a-service

Ransomware Attack Targets Baltimore County Public Schools

Akshaya Asokan • November 26, 2020

Officials with the Baltimore County Public Schools are investigating a ransomware attack that distributed virtual learning for students this week. Now, the district has been forced to call-off its virtual classes until next Monday.

Anti-Phishing, DMARC

Interpol Busts Massive Nigerian BEC Gang

Akshaya Asokan • November 26, 2020

Interpol, along with Nigerian law enforcement agencies and security firm Group-IB, has uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries.

Cybercrime as-a-service

Ransomware Attack Will Costs French IT Services $60 Million

Prajeet Nair • November 26, 2020

French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, is estimating that the attack will cost the company around $60 million in recovery costs.

3rd Party Risk Management

Automated Monitoring in the Cloud

Anna Delaney • November 26, 2020

Glen Hymers, CISO and head of data protection at the U.K.-based charity Save the Children International, says adapting to a cloud-first environment requires extensive security measures, including automated monitoring.

Application Security

Keeping the Software Supply Chain Secure

Jeremy Kirk • November 26, 2020

IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.

Business Continuity Management / Disaster Recovery

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Prajeet Nair • November 25, 2020

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.

Governance & Risk Management

Linux Botnet Disguises Itself as Apache Server

Prajeet Nair • November 25, 2020

The latest Linux version of the Stantinko botnet is designed to disguise the malware as an Apache server to help better avoid security tools and remain hidden, according to Intezer Labs.

Application Security

Google Removes 2 Android Apps That Collected User Data

Akshaya Asokan • November 25, 2020

Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.

Cybercrime

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Doug Olenick • November 24, 2020

The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.

Cybercrime

Updated Trickbot Malware Is More Resilient

Doug Olenick • November 24, 2020

The gang operating Trickbot is continuing its activities despite recent takedown efforts, rolling out two updates that make the malware more difficult to kill, according to the security firm Bitdefender.

Endpoint Security

UK Telecommunications Security Bill Would Ban Huawei

Mathew J. Schwartz • November 24, 2020

The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.

Fraud Management & Cybercrime

Instagram Leaked Minors' PII Again, But Now It's Fixed

Jeremy Kirk • November 24, 2020

For at least a month, Instagram leaked the email addresses of minors, which occurred as Ireland's Data Protection Commission probed whether its parent company, Facebook, failed to protect children's personal data. Facebook has fixed the issue. But how carefully is the company protecting personal data?