Tag Archives: malware

SolarWinds Cyber-Attack Has Significant Implications for Developers and Contractors

ICYMI, on Wednesday, January 6, 2021, the United States Department of Justice (DOJ) issued an update about what it termed “a major incident under the Federal Information Security Modernization Act”: the global SolarWinds cyberattack that had compromised its email system. (SolarWinds is a software provider. In December, 2020, SolarWinds revealed that cybercriminals had injected malware … Continue Reading

Further Fall-Out from Russian Hacking of SolarWinds

U.S. intelligence agencies, including the FBI, the Office of the Director of National Intelligence, the National Security Agency and the Cybersecurity and Infrastructure Security Agency, have confirmed that Russia was behind the SolarWinds hack. It is reported that the FBI is investigating whether Russia hacked into project management software JetBrains’ TeamCity DevOps tool to originally … Continue Reading

Proposed New Breach Notification Rule for the Banking Industry

The Office of the Comptroller of the Currency, Treasury (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) recently announced a “Notice of Proposed Rulemaking for the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.” This new rule would require a banking … Continue Reading

Show Your IT Professionals Some Love

2020 will go down as one of the most stressful in my career as a cybersecurity professional. I have been working in this area of law full time since 2003. So that says a lot. On top of the stress of the spread of the coronavirus, this has been a particularly stressful year assisting clients … Continue Reading

A Hackers ‘Shipageddon’ Has Set Sail: Beware of Fake Shipping Messages

As the holiday shopping season comes to end, consumers should still be aware that hackers are sending fake delivery notifications appearing to come from companies like FedEx and UPS, especially as the last few days of package arrivals pass by. The hackers’ messages prompt consumers to enter their personal information like credit card information to … Continue Reading

SolarWinds Cyber-Attack: CISA Recommends Disconnecting

On the heels of the concerning security incident experienced by FireEye [view related post], during the investigation of its own incident, FireEye discovered that multiple updates issued by SolarWinds, a cybersecurity firm that many governmental and private companies use to monitor networks, were “trojanized” and malware was inserted into the updates between March and May … Continue Reading

Cyber Exposures Rise During Pandemic

Although it is logical that cyber-attacks have risen during the pandemic, and there is anecdotal evidence that it is occurring, including our own experience, an interesting new report was recently released by Allianz, which provides cyber-liability insurance products. According to the report, “While the COVID-19 outbreak cannot be said to be a direct cause of … Continue Reading

Threat Statistics Are Scary

The threat-related statistics of malware and ransomware are mind-boggling. We have regularly reported on the dramatic increase of ransomware, but the statistics on successful exploitation and botnet activities are just as bad. According to Nuspire’s Q3 Threat Landscape Report (www.nuspire.com), based upon its experience over the last three months, there was an increase of 128.21 … Continue Reading

DSH Warns of North Korean Advanced Persistent Threat Group Kimsuky Tactics

The Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) this week issued Alert (AA20-301A) titled North Korean Advanced Persistent Threat Focus: Kimsuky warning U.S. businesses, and particularly those in the commercial sector, about tactics used by North Korean advanced persistent threat (APT) group Kimusky. https://us-cert.cisa.gov/ncas/alerts/aa20-301a The Alert, co-authored by the Federal Bureau of … Continue Reading

Privacy Tip #256 – COVID-19 Scams Continue to Plague U.S. Public

It has been widely reported that hackers are taking advantage of the pandemic to perpetrate scams and frauds. We have seen attacks against workers of companies through phishing emails that include an attachment or link offering information or access to specialized treatment for COVID-19 to lure people to click on them. Once they click on … Continue Reading

U.S. Organizations Doing Business in China Warned of Malware in Tax Software

The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Flash Alert to U.S. based businesses doing business in China about a remote targeting campaign whereby the tax software that Chinese domestic banks require foreign companies to install is loaded with malware. Trustwave researchers warned in June … Continue Reading

Privacy Tip #226 – Beware – Well-Known Brands Used for Phishing Schemes

A new study by Check Point Research shows that cyber criminals are using well-known brands to lure victims into clicking on nefarious links, providing personal information or credentials, or getting users to transfer money.  This is an old malware trick that we used to see and now recognize. Scammers send a phishing email after copying … Continue Reading

Cyber Criminals Using Coronavirus Concern to Assist with Intrusions

Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China. As we have seen with other public concerns, cyber criminals and threat actors … Continue Reading

Crime-as-a-Service Targets Popular Platforms

It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-a-Service (BPaaS). But then the criminal enterprises came up with Malware-as-a-Service (MaaS), Ransomware-as-a-Service (RaaS) and now Crime-as-a-Service (CaaS). A new Crime-as-a-Service offering is targeting … Continue Reading

Privacy Tip #206 – Be Mindful of Calendar Invites—They Can Contain Spam

Spam is invading all aspects of our online life, and of late, even our online calendars. I hadn’t thought about embedded malware in calendar invites until I read an informative krebsonsecurity.com blog article this week. I think this is something everyone should know about and be mindful of when receiving calendar invites. Calendar invites are … Continue Reading

Louisiana Governor Declares Statewide Emergency After Cyber-Attacks Against School Systems

Louisiana Governor John Bel Edwards, for the first time in history, declared a statewide cybersecurity emergency last week, following cyber-attacks against several school systems in the state. By declaring a cybersecurity emergency, the state is able to garner needed resources, including cybersecurity experts from the Louisiana National Guard, State Police, the Office of Technology Services, … Continue Reading
LexBlog