Ramon Abbas, charged in connection with BEC scams, owned luxury cars and took expensive shopping trips to Paris. (Photos: Justice Department)

Just How Lucrative Are BEC Scams?

Doug Olenick • July 6, 2020

A Nigerian national who has been extradited to the United States allegedly laundered millions of dollars stolen in business email compromise scams, according to the Justice Department. He flaunted his lavish lifestyle on social media, prosecutors say.

Cybercrime

Magecart Card Skimmer Hidden in Image's EXIF Metadata

Latest

Cybercrime

Patching Urged as F5 BIG-IP Vulnerability Exploited

Ishita Chigilli Palli • July 6, 2020

Security researchers warn that the number of exploit attempts targeting a critical vulnerability in F5 Networks' BIG-IP networking products has steadily increased since the company first announced the flaw late last week. They urge users to immediately apply patches.

Identity & Access Management

Progress Report: FIDO's Effort to Eliminate Passwords

Anna Delaney • July 6, 2020

Andrew Shikiar, executive director at the FIDO Alliance, offers an update on the group's efforts to reduce reliance on passwords and discusses how to overcome barriers.

Account Takeover

Hey Alexa. Is This My Voice Or a Recording?

Jeremy Kirk • July 6, 2020

Voice-controlled assistants can be fooled by replaying a recording of someone's voice. But researchers with Australia's Commonwealth Scientific and Industrial Research Organization and Samsung Research say they've developed a lightweight software tool to detect such attempts, which are difficult to defend against.

Fraud Management & Cybercrime

How Ekans Ransomware Targets Industrial Control Systems

Akshaya Asokan • July 4, 2020

Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year.

Cybercrime

Operators Behind Valak Malware Expand Malicious Campaign

Ishita Chigilli Palli • July 3, 2020

The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos. Attackers are now using existing email threads and ZIP files to spread the information stealer.

Application Security

Apache Guacamole Vulnerable to Reverse RDP Vulnerabilities

Akshaya Asokan • July 3, 2020

Apache Guacamole, an open-source application that allows for remote connections to devices, contains several vulnerabilities that could enable attackers to steal data or run remote code execution, Check Point Research found. These bugs come at a time when many employees are still working remotely.

Account Takeover

Digital IDs: A Progress Report

Nick Holland • July 3, 2020

The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.

Cybercrime

European Police Hack Encrypted Communication System

Doug Olenick • July 2, 2020

European police gained access to messages sent via the encrypted cellular service EncroChat, leading to the arrest of hundreds of alleged organized crime members across the Netherlands, France, Norway, Sweden and the U.K., the EU's law enforcement intelligence agency Europol reports.

Fraud Management & Cybercrime

Ex-Fraudster Brett Johnson: 'There Are Going to Be a Lot of Victims'

Tom Field • July 2, 2020

Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."

Cybercrime

Studying an 'Invisible God' Hacker: Could You Stop 'Fxmsp'?

Mathew J. Schwartz • July 2, 2020

Could your organization withstand an attack by the master hacking operation known as "Fxmsp"? Hollywood loves to portray hackers as having ninja-like skills. But Fxmsp often favored the simplest tools for the job, because they so often worked. Defenders: Take note.

Identity & Access Management

Building Trust in Digital Identities

Anna Delaney • July 1, 2020

Implementing trusted digital IDs will create benefits for end users as well as service providers, says Nick Mothershaw, chair and executive director at the Open Identity Exchange. But widespread international adoption of such IDs will take time to achieve, he acknowledges.

Cyberwarfare / Nation-State Attacks

FCC: Huawei, ZTE Are 'National Security Threats'

Ishita Chigilli Palli • July 1, 2020

The U.S. Federal Communications Commission has officially designated China's Huawei Technologies and ZTE Corp. as "national security threats," barring American telecommunications firms from using certain federal funds to buy their equipment, such as for building 5G networks.