This Week in Security News: BEC and Blackgear
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the FBI reports a global BEC loss of over $12 billion in 2018. Also, a Blackgear cyberespionage campaign has reemerged, using social media and command-and-control (C&C) to imbed malicious software.
Read on to learn more.
Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication
Analyzing the Marade downloader (TSPY_MARADE.ZTBC) and the version of Protux employed by Blackgear’s latest campaigns, we found their encrypted configurations on blog and social media posts.
Special Counsel Robert Mueller’s indictment of 12 Russian military intelligence agents revealed that they used spearphising to penetrate Democratic organizations during the 2016 elections.
FBI Report: Global BEC Losses Exceeded US$12 Billion in 2018
Financial losses to BEC, as well as the number of victims, continue to grow as a result of scammers’ deployment of sophisticated social engineering tactics and computer intrusion techniques.
LabCorp Investigates a Possible Data Breach
LabCorp, one of the nation’s largest medical diagnostics companies, is investigating a security breach that could have put health records of millions of patients at risk.
Rising Above Spam and Other Threats via Machine Learning
Antispam solutions must deal with spam before it enters the network; it’s impractical, not to mention, risky, to allow the delivery of potentially malicious emails and only react to it after the fact.
Cybersecurity, AI strategies coming from DOD
Thomas Michelli said his office will soon release three separate strategies to support the National Defense Strategy, cybersecurity and artificial intelligence.
ESLint Submodules Hacked: Devs Advised to Enable Layered Authentication, Renew Tokens
An attacker reportedly hacked into JavaScript code library ESLint to compromise submodule packages eslint-scope and eslint-config-eslint, injecting a malicious code to steal users’ npm credentials.
Homeland Security to Host National Cyber Security Summit Later This Month
The Department of Homeland Security will hold a National Cybersecurity Summit on July 31, hosting government officials, experts from the academe, and financial and energy industries.
Uber Appoints First Privacy and Data Protection Chiefs
Uber has announced two key privacy and data protection appointments in the wake of damaging data breaches to better develop and implement privacy standards and procedures at the company.
Did the FBI report on the global losses of the BEC surprise you? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
Read More HERE