Conti's data leaks site claims to have now published 7% of the files it stole from SEPA. (Source: Kela)

Ransomware Disrupts Scottish Environment Protection Agency

Mathew J. Schwartz • January 15, 2021

The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data. The Conti ransomware-as-a-service operation has claimed credit for the attack and begun to leak the stolen data.

►

Cloud Access Security Brokers (CASB)

2021: The State of Privacy

Latest

Forensics

Capitol Riot Suspects Identify Themselves

Mathew J. Schwartz • January 15, 2021

Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.

3rd Party Risk Management

SolarWinds Supply Chain Hack: Investigation Update

Anna Delaney • January 15, 2021

The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.

Critical Infrastructure Security

Does Trump's Second Impeachment Have Cybersecurity Impact?

Jeremy Kirk • January 14, 2021

President Donald Trump has been impeached by the House of Representatives on a charge of inciting an insurrection after a riot at the U.S. Capitol led to the deaths of five people. Many experts don't believe the impeachment will have a direct impact on cybersecurity, but adversaries do look for opportunity in chaos.

Forensics

How Conti Ransomware Works

Doug Olenick • January 14, 2021

Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

Active Defense & Deception

Sizing Up the Role of Deception Technology

Anna Delaney • January 14, 2021

Chris Kubic, former CISO of the National Security Agency, describes how deception technology can change the defensive landscape: "Where deception comes into play is for the unknown threats, the things that are either an attack you haven't seen before or the attacker evolved their technique."

Business Continuity Management / Disaster Recovery

Capitol Breach: Cybersecurity Lessons to Apply

Mathew J. Schwartz • January 13, 2021

The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.

COVID-19

COVID-19 Vaccine Documents, Personal Data Leaked

Marianne Kolbasuk McGee • January 13, 2021

Documents on COVID-19 vaccines and medications - including some containing personal information - that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the internet.

Breach Notification

Mimecast Says Hackers Compromised Digital Certificate

Jeremy Kirk • January 13, 2021

Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.

Cybercrime

Mobile RAT for Android Offered on Darknet Forums

Akshaya Asokan • January 13, 2021

A recently identified mobile remote access Trojan dubbed "Rogue," which exploits Google's Firebase development platform, targets Android devices to exfiltrate personal data and can deliver other malware, according to Check Point Research. The RAT is being offered for sale or rent in darknet forums.

Cybercrime

Watering Hole Operation Leveraged Zero-Day Exploits

Akshaya Asokan • January 13, 2021

Google's Project Zero security team is describing its discovery last year of a complex "watering hole" operation that used four zero-day exploits to target Windows and Android mobile devices.

Cybercrime

Massive DarkMarket Underground Marketplace Taken Down

Doug Olenick • January 12, 2021

A global law enforcement operation has taken down DarkMarket, which Europol describes as the world's largest underground marketplace of illegal goods on the dark web. The market has generated about $170 million in revenue selling drugs, malware, credit cards and more, officials say.

Artificial Intelligence & Machine Learning

New Year Kicks Off With Vendor Consolidation

Doug Olenick • January 12, 2021

The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced. Companies making acquisitions are striving to improve their secure access service edge - or SASE - posture, enter new markets or bolster their technology portfolios.