Security News

As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari. This case shows that business email compromise scams are becoming more ambitious, with fraudsters using social engineering techniques to steal as many financial documents as possible, according to the report.

A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency. Microsoft's January Patch Tuesday security bulletin disclosed the "Important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Hackers with ties to the Russian government have been targeting Ukrainian natural gas company Burisma with a series of phishing attacks designed to steal employee credentials, according to researchers at Area 1 Security. Russian hackers' attacks on Burisma appear to have started around November, according to the Times.

Officials at the Albany International Airport paid a ransom to cybercriminals after the facility's systems were hit with the Sodiniokibi ransomware strain on Christmas, the Albany Times Union reports. At no point did the ransomware attack affect the airport's day-to-day operations, airport officials said.

The FBI laid out new protocols Friday for how it conducts electronic surveillance in national security cases, responding to a Justice Department inspector general report that harshly criticized the bureau's handling of the Russia investigation. The filing comes one month after the chief judge of the surveillance court - in a rare public directive - ordered the FBI to say how it would correct shortcomings identified in the watchdog report on the bureau's investigation into ties between Russia and Donald Trump's 2016 presidential campaign.

Las Vegas officials said Tuesday that that a cyber attack breached the city's computer systems, but it wasn't immediately clear if any sensitive data was compromised. City officials were alerted to the breach around 4:30 a.m., city spokesman David Riggleman told the Las Vegas Review-Journal.

More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart. While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."

The Sodinokibi ransomware strain is apparently behind the New Year's Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services. The attack could have been successful in part because Travelex took several months to patch critical vulnerabilities in its Pulse Secure VPN servers, according to Bad Packets.

The FBI and local police are investigating how scammers posing as a contractor for a local bridge project tricked officials in a small Colorado town into electronically transferring over $1 million to a fraudulent account, according to the Denver Post. A Dec. 30 internal email sent by Malcolm Fleming, the town administrator for Erie, says that it appears the scam started when a fraudster completed an electronic form posted on the town's website requesting a change in how SEMA Construction, the primary contractor for a local bridge project, would receive payment for its work, according to the Post.

Certain federal agencies, especially units within the Department of Defense, still have plenty of work to do when it comes to sharing cybersecurity information and threat intelligence among themselves as well with the private sector, according to an unclassified report recently sent to Congress. While the audit found that substantial progress has been made on the sharing cybersecurity information and threat intelligence among agencies over the last two years, it pointed to several areas of ongoing concern, including the failure of certain Defense Department units to use appropriate policies and procedures for data sharing.