This week, cybercriminals took a more hands-on approach, a new breed of ransomware bided its time, and computers got too hot to handle.
- Bank of America has disclosed that its third-party test platform briefly exposed Paycheck Protection Program applications to outside parties. According to SonicWall’s Dmitriy Ayrapetov, the leak was due to a rushed effort by the bank to finish the data platform, resulting in holes in its security.
Boundless Cybersecurity For The New Work Reality — SC Magazine
- The adoption of work-from-home has moved us into a hyper-distributed IT landscape. With 100-percent-remote employees conducting online meetings and connecting via email, mobile and cloud, the perimeter has vanished into a multitude of endpoints spread across the globe.
New Tycoon ransomware targets both Windows and Linux systems — Bleeping Computer
- A new human-operated ransomware strain is being deployed in highly targeted attacks on small- to medium-size organizations in the software and education industries.
- In an attempt to steal database credentials, attackers tried to download configuration files from WordPress via old vulnerabilities in unpatched plugins.
- At least a dozen supercomputers across Europe had to be shut down last week due to cryptojacking attacks. One individual found out the hard way that his was one of them.
USBCulprit malware targets air-gapped systems to steal govt info — Bleeping Computer
- The newly revealed USBCulprit malware is designed for compromising air-gapped devices via USB.
- Campaigns targeting smartphones have risen by a third in just a few months, many with the end goal of opening a portal to corporate networks.
- A new report suggests that advocacy sites are being targeted at a rate more than four times that of U.S. government websites such as police and military organizations.
- DopplePaymer ransomware gang claims to have breached DMI, a major U.S. IT and cybersecurity provider and a NASA IT contractor.
- The group is trying to use the nationwide protests to draw attention to data that was stolen years ago.
- Sign In With Apple — a privacy-enhancing tool that lets users log in to third-party apps without revealing their email addresses — just fixed a bug that made it possible for attackers to gain unauthorized access to those same accounts.
Suspected Hacker Faces Money Laundering, Conspiracy Charges — Bank Info Security
- According to the U.S. Department of Justice, a New York City man is facing federal charges after being arrested at John F. Kennedy Airport with a PC allegedly containing thousands of stolen credit card numbers.
- Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target.
- Microsoft has warned of a new breed of “patient” ransomware that lurks in networks for weeks before striking.
In Case You Missed It
- Custom Build your Security Strategy with the SonicWall Boundless Cybersecurity Bundle — Amber Wolff
- Why Securing Remote Work is Crucial To Ensuring Business Continuity — Agasthiamani Sankaran
- Securing Telecommuters with Expanded Endpoint Visibility and Control — Suroop Chandran
- ‘Boundless Cybersecurity’ Protects Organizations Mobilizing for the New Business Normal — Geoff Blaine
- The New Front in Hospitals’ Battle Against COVID-19: Ransomware — Amber Wolff
- SonicWall Unveils Partner Program Designed for MSSPs — Lindsey Lockheart