RBI's 'Positive Pay' System: Essential Security Steps

Geetha Nandikotkur • October 23, 2020

In an effort to ramp up the fight against fraud, the Reserve Bank of India next year will launch a "Positive Pay" system of verifying information about checks with a value at $700 or more. Bank CISOs face the big task of securing the huge new flow of data.

Breach Notification

6 Russians Indicted for Destructive NotPeyta Attacks

Latest

Critical Infrastructure Security

US Treasury Sanctions Russian Entity Over Triton Malware

Akshaya Asokan • October 24, 2020

The Treasury Department has issued sanctions against a Russian research institute that U.S. officials now claim helped deploy Triton, a destructive malware designed to damage industrial control systems. The announcement follows other economic penalties levied against Iran in the same week.

Critical Infrastructure Security

US Officials Blame Election Data Theft on Russian APT Group

Jeremy Kirk • October 23, 2020

U.S. intelligence officials say a Russia-backed hacking group has compromised some state and local government computer systems since at least September and stolen election-related data. So far, however, the attackers do not appear to have attempted to otherwise interfere with or disrupt those networks.

Fraud Management & Cybercrime

Phishing Campaign Mimics Microsoft Teams Alerts

Chinmay Rautmare • October 23, 2020

Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials.

Forensics

LockBit Ransomware Uses Automation Tools to Pick Targets

Prajeet Nair • October 23, 2020

The operators behind the LockBit ransomware strain use automation tools and techniques that help the malware quickly spread through a compromised network and also assist in picking specific targets, according to Sophos.

Critical Infrastructure Security

Analysis: The Significance of Russian Hackers' Indictment

Anna Delaney • October 23, 2020

The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.

Critical Infrastructure Security

US Alleges Iran Sent Threatening Emails to Democrats

Jeremy Kirk , Mathew J. Schwartz • October 22, 2020

U.S. officials have blamed Iran for sending a barrage of fake emails and videos to American voters with a Democratic Party affiliation as part of a campaign to push misinformation and sow confusion in the days before the presidential election.

Fraud Management & Cybercrime

Phishing Emails Target Coinbase Exchange Users

Chinmay Rautmare • October 21, 2020

Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4.

Cybercrime

Microsoft Continues Trickbot Crackdown

Prajeet Nair • October 21, 2020

Microsoft and its partners are continuing to put pressure on the Trickbot malware operation, eliminating an estimated 94% of its infrastructure. But some security researchers warn that the botnet's operators are developing workarounds to re-establish its infrastructure, enabling the group to resume its activities.

DevSecOps

Getting Visibility Into Open Source Components

Suparna Goswami • October 21, 2020

Many applications use open source components, which can make it challenging to pinpoint any security issues. How can organizations gain better visibility of risks?

Cybercrime

Tom Kellermann on the Price of Digital Transformation

Tom Field • October 20, 2020

VMware Carbon Black is out with its latest Global Incident Response Threat Report, which describes "the perfect storm" for increasingly sophisticated attacks heading into 2021. Cybersecurity strategist Tom Kellermann discusses what that means - and how these trends should inform our defensive strategies.

Anti-Money Laundering (AML)

Bitcoin 'Mixer' Fined $60 Million

Akshaya Asokan • October 20, 2020

The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws. It's the first time the department's Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site.

Governance & Risk Management

Sensitive Voicemail Transcripts Exposed

Marianne Kolbasuk McGee • October 19, 2020

A security researcher recently discovered an unsecure Elasticsearch database cluster exposed on the internet that contained transcripts of sensitive voicemail messages, including some for medical clinics and financial service companies.