President Joe Biden (Source: C-SPAN)

President Biden Orders SolarWinds Intelligence Assessment

Mathew J. Schwartz • January 22, 2021

The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.

Fraud Management & Cybercrime

Does Trump's Second Impeachment Have Cybersecurity Impact?

Latest

3rd Party Risk Management

How to Manage Software Supply Chain Risks

Jeremy Kirk • January 22, 2021

The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.

3rd Party Risk Management

Analysis: How Will Biden Address Cybersecurity Challenges?

Anna Delaney • January 22, 2021

The latest edition of the ISMG Security Report features an analysis of the cybersecurity challenges the Biden administration must address. Also featured: payments security advice from Verizon; the outlook for the lifting of restrictions tied to the COVID-19 pandemic.

Cybercrime

Microsoft Describes How SolarWinds Hackers Avoided Detection

Doug Olenick • January 21, 2021

Microsoft researchers are offering fresh details on the SolarWinds hackers' extensive efforts to remain hidden, which gave them more time to fully penetrate systems, move laterally through networks and exfiltrate data in follow-on attacks.

Governance & Risk Management

Biden Fills 3 Cybersecurity Positions

Doug Olenick • January 21, 2021

President Joe Biden's cybersecurity team is beginning to take shape, with three appointments recently announced, including Michael Sulmeyer as senior director for cyber.

Cryptocurrency Fraud

Cryptomining Campaign Linked to Iranian Software Firm

Prajeet Nair • January 21, 2021

An ongoing global cryptomining campaign has connections to an Iranian software firm, according to a report from Sophos. The MrbMiner malware has targeted thousands of vulnerable Microsoft SQL Servers.

Cyberwarfare / Nation-State Attacks

Malwarebytes CEO: Firm Targeted by SolarWinds Hackers

Prajeet Nair • January 20, 2021

The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."

COVID-19

COVID-19 First Anniversary: It's About Vaccines & Variants

Tom Field • January 20, 2021

As the U.S. marks its first anniversary of fighting COVID-19, pandemic expert Regina Phelps says the next several, critical weeks come down to two vital words: vaccines and variants. "Those are going to determine our destiny for the long and foreseeable future," she says.

Cybercrime

'FreakOut' Botnet Targets Unpatched Linux Systems

Prajeet Nair • January 20, 2021

Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.

Governance & Risk Management

Microsoft Taking Additional Steps to Address Zerologon Flaw

Prajeet Nair • January 19, 2021

Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.

Breach Notification

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Mathew J. Schwartz • January 19, 2021

Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.

Fraud Management & Cybercrime

FBI Warns of Increase in Vishing Attacks

Akshaya Asokan • January 19, 2021

The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote and at-home workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.

Endpoint Security

Police Arrest Suspect in Pelosi Laptop Theft

Jeremy Kirk • January 19, 2021

Police have arrested Riley June Williams of Pennsylvania, who a tipster alleges stole a laptop or hard drive belonging to House Speaker Nancy Pelosi. But is the tipsters claim that she had planned to pass the device to a friend in Russia credible?