Cybersecurity News

RSS

ESET researchers uncovered a new APT group that has been stealing sensitive documents from several governments in Eastern Europe and the Balkans since 2011. Named XDSpy by ESET, the APT group has gone largely undetected for nine years, which is rare. The espionage group has compromised many government agencies and private companies. The findings were presented today at the VB2020 localhost conference.

Security teams in the financial services sector are experiencing even more exacting demands as they defend their organizations in a world under a new and unexpected threat — a global pandemic, says a new Accenture report, "2020 Future Cyber Threats: The latest extreme but plausible threat scenarios in financial services."

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program.

According to Intertrust's 2020 Security Report on Global mHealth Apps, 71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data. The report investigated 100 publicly available global mobile healthcare apps across a range of categories—including telehealth, medical device, health commerce, and COVID-tracking—to uncover the most critical mHealth app threats.

 nVisium released the findings of their recent research which explores the current state of cybersecurity awareness and security training initiatives within today’s remote workforce. The research reveals that only 35% of respondents classify security awareness training as a ‘top priority’ while working remotely, and nearly half say that their DevOps teams are not experts in understanding how to protect at home wireless networks.

The New York Attorney General’s Office (NYAG) reached a Consent and Stipulation Agreement with Dunkin’ Brands, Inc. (Dunkin), which obligates the company to implement and maintain a comprehensive information security program to protect customers’ private information. The terms of the consent agreement are similar to the terms New York reached with Zoom earlier this year regarding inadequate data security practices, and strongly resemble the reasonable security measures described in the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).

Specops Software discovered that 41% of employees had not been provided with adequate cybersecurity training while working from home, and they were keen to discover which sectors were experiencing the most threats during this time. They found that 54% of businesses across 11 sectors have seen a rise in cybercrime threats since working from home, with phishing being the most prevalent attack.

October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners — including the National Cyber Security Alliance — to ensure every American has the resources they need to stay safe and secure online.