City of Saint John in New Brunswick, Canada is hit by significant cyberattack, causing it to shut down several IT systems.

ESET researchers recently discovered attempts to deploy Lazarus malware via a supply-chain attack (on less secure parts of the supply network) in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies. The attack was made easier for Lazarus since South Korean internet users are often asked to install additional security software when visiting government or internet banking websites.

Generali Global Assistance released the findings of its fourth annual Holiday Shopping ID Theft survey. The survey examines consumer sentiment on retail data breaches and the identity theft risks holiday shopping poses.

Digital Shadows has identified a post on the English-speaking cybercriminal forum, RaidForums, alleging to possess a complete 2020 Wisconsin voter database. The author of the post provided a free download link to a database containing statewide voter and absentee data acquired from the "Badger Voters" site, a website established by the State of Wisconsin Elections Commission.

How is the current COVID-19 pandemic affecting fraud levels, and what can firms do to protect their employees and customers? Below, we talk to Omri Kletter, VP, Cyber Crime and Fraud Management at Bottomline, about best practices for managing risk and cyber threats in the payments process more broadly. 

Budget bandwidth is often a strong contention point for businesses. And even with the increase in cybercrime threats, some firms still struggle to allocate proper budget allowances to meet security and regulatory requirements. According to a recent report by Accenture, organizations face on average 22 legitimate security breaches each year and the average cost of a single cyberattack is $380,000.

As institutions of higher education reel from recent cyberattacks in the United Kingdom, IT departments work tirelessly to secure sensitive student data. Student records offer a wealth of personally identifiable information (PII) from birth dates and social security numbers to bank account numbers and home addresses. In parallel, a study released by EDUCAUSE in July 2020 notes that the CIO’s Commitment on Diversity, Equity, and Inclusion (DEI) reports that 83.1% of respondents strongly agree that “diverse, equitable, and inclusive workplace environments foster more effective and creative teams of technology professionals.” Although at first glance, these two issues appear unrelated, bringing diverse voices to the cybersecurity table may provide a way through, rather than around, the current security struggles facing remote learning models in higher education. 

The Q3 2020 Threat Landscape Report by Nuspire demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

Financial services firms are reportedly hit by security incidents 300 times more frequently than other businesses, according to ID Theft Resource Center. To help financial planners protect their data and comply with the cybersecurity requirements established by the Securities and Exchange Commission (SEC) and FINRA, the Financial Planning Association (FPA) today launched Cybersecurity for Financial Planners: An FPA Certificate Program.