CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days after hackers began publishing what they claim are leaked passwords on underground forums, according to researchers.
Criminals continue to rely on automated bots for phishing attacks, web scraping, credential stuffing and more. But while gangs previously needed to amass large, powerful botnets to be effective, now they need relatively few devices, says Group-IB CTO Dmitry Volkov.
The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favour of ransomware attacks. Also featured: Defending against deepfakes; supporting a dispersed workforce.
Officials with the Baltimore County Public Schools are investigating a ransomware attack that distributed virtual learning for students this week. Now, the district has been forced to call-off its virtual classes until next Monday.
Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.
French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, now estimates that the attack could cost the company up to $60 million in recovery costs. Experts say that after going quiet in March, Ryuk reappeared in September, and has targeted numerous hospitals.
Driven by the profits to be achieved via ransomware, most botnet operators have dropped banking Trojans in favor of supporting and running crypto-locking malware attacks, according to security experts who spoke Wednesday at cybersecurity firm Group-IB's CyberCrimeCon 2020 virtual conference.
The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.
The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.
The gang operating Trickbot is continuing its activities despite recent takedown efforts, rolling out two updates that make the malware more difficult to kill, according to the security firm Bitdefender.
For at least a month, Instagram leaked the email addresses of minors, which occurred as Ireland's Data Protection Commission probed whether its parent company, Facebook, failed to protect children's personal data. Facebook has fixed the issue. But how carefully is the company protecting personal data?
A Chinese advanced persistent threat group has recently begun ramping up its activities with a new phishing campaign leveraging updated malware that's targeting diplomatic missions around the world to collect data and monitor communications, according to Proofpoint.