Unilever CISO on Security Priorities for Remote Workforce

Anna Delaney • June 5, 2020

Bobby Ford, CISO of Unilever, a multinational consumer goods firm, says the shift to a work-from-home environment requires an intensified focus on email security as well as identity and access management.

►

Fraud Management & Cybercrime

'Hack for Hire' Groups Spoof WHO Emails to Steal Data

Latest

Cybercrime as-a-service

Report: Tycoon Ransomware Targets Windows, Linux Systems

Akshaya Asokan • June 6, 2020

A sophisticated strain of ransomware called Tycoon has been selectively targeting education and software companies since December 2019, according to a joint report released by BlackBerry and KPMG. Due to its unique development, this crypto-locking malware can target both Windows and Linux systems.

Cyberwarfare / Nation-State Attacks

Google: Phishing Attacks Targeted Trump, Biden Campaigns

Ishita Chigilli Palli • June 5, 2020

Separate state-sponsored phishing attacks unsuccessfully attempted to infiltrate the campaign offices of President Donald Trump and former Vice President Joe Biden, according to Google. The incidents illustrate ongoing election security challenges.

Digital Identity

Analysis: Why Identity Management Is Still a Challenge

Nick Holland • June 5, 2020

The latest edition of the ISMG Security Report sizes up progress made so far on identity management and the work yet to be done. Also featured: how security concerns are holding back IoT projects and the privacy issues raised by recording videoconferences.

Business Continuity Management / Disaster Recovery

Virtual Summit Dives Into Healthcare Cybersecurity Issues

Marianne Kolbasuk McGee • June 5, 2020

How have the cybersecurity challenges facing healthcare organizations changed during the COVID-19 pandemic? And how are organizations responding? Information Security Media Group's Healthcare Cybersecurity Virtual Summit, to be held on June 9 and replayed June 10 and 11, will provide insights.

Cyberwarfare / Nation-State Attacks

Should 'Killer Robots' Be Banned?

Mathew J. Schwartz • June 5, 2020

How big is the step from humans using drones to kill other humans to building lethal autonomous weapons systems that can kill on their own? Ethically and technologically, that's a huge leap. But military planners are working to build what some call "killer robots." And the UN wants them banned.

Cybercrime

Maze Promotes Other Gang's Stolen Data On Its Darknet Site

Doug Olenick • June 4, 2020

The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its "Maze News" website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups.

Account Takeover

COVID-19 Drives Spike in Mobile Phishing Attacks: Report

Akshaya Asokan • June 4, 2020

The shift to working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns, with attackers targeting remote workers whose devices lack adequate security protections, according to the security firm Lookout. Many of these campaigns are designed to steal users' banking credentials.

COVID-19

Phishers Use Fake VPN Alerts to Steal Office 365 Passwords

Ishita Chigilli Palli • June 4, 2020

Fraudsters are using fake VPN update alerts to target remote workers in an effort to steal their Microsoft Office 365 credentials, according to the security firm Abnormal Security.

Governance & Risk Management

Researchers Disclose 2 Critical Vulnerabilities in SAP ASE

Doug Olenick • June 3, 2020

Researchers at the security firm Trustwave have disclosed six vulnerabilities in SAP Adaptive Server Enterprise 16.0 (ASE) database software, with two rated as critical. These two vulnerabilities could enable attackers to perform arbitrary code execution and tamper with a system's data.

Fraud Management & Cybercrime

REvil Ransomware Gang Auctioning Off Stolen Data

Ishita Chigilli Palli • June 3, 2020

The REvil ransomware gang has created a darknet auction site for stolen data, according to the security firm Emsisoft. Will other gangs follow suit?

Cyberwarfare / Nation-State Attacks

Thousands of Exim Servers Vulnerable to Critical Flaw: Report

Akshaya Asokan • June 3, 2020

Thousands of unpatched Exim email servers are potentially vulnerable to a critical flaw that the NSA says Russian-backed hackers are attempting to exploit, according to the security firm RiskIQ, which also warns of two other Exim vulnerabilities that should be patched.

Cybercrime

'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Mathew J. Schwartz • June 3, 2020

Not all data breaches are what they might seem, and not all leakers are who they might claim to be. Take the doxing of the Minneapolis Police Department, supposedly by Anonymous hacktivists: The leaked employee information was almost certainly culled from old breaches. So who did it, and why?