Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third party email delivery vendor.
Cryptocurrency experts are fingering North Korea as likely responsible for the cryptocurrency theft of $100 million from the Harmony Horizon bridge. North Korea fuels its nuclear weapons program with stolen cryptocurrency used to dodge international sanctions that prevent ready access to cash.
Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.
For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.
Ransomware-wielding criminals constantly refine their behavior and tactics to maximize the chance of a payday, and recently they have been implementing fresh strategies for monetizing stolen data, says Steve Rivers at threat intelligence firm Kela.
"I'm concerned that at some point the Russians are going to launch cyber retaliatory attacks against the United States at election infrastructure and the transportation, financial and energy sectors," says Elvis Chan, supervisory special agent at the San Francisco Division of the FBI.
Threat actors are using deepfakes to apply for remote employment at U.S. tech companies in a bid to gain access to corporate financial and customer data, internal databases and proprietary information. Fraudsters used stolen PII to make deepfake videos for personal interviews, says the FBI.
Ukraine says it has thwarted multiple Russian misinformation campaigns, including blocking attempts to penetrate the electronic systems of its TV channels on the eve of its Constitution Day holiday. It also flagged social media accounts spreading fake videos.
Chris Borales, senior product marketing manager for ThreatINSIGHT and security solutions at Gigamon, and Tony Morbin of Information Security Media Group discuss the findings of a recent survey of cybersecurity professionals about emerging security trends in 2022, conducted for Gigamon by ISMG.
The apps your dev teams are building have changed, your security tools should too. Digital transformation, omnichannel marketing and directly connecting with customers among other key business imperatives have accelerated application development cycles. Development teams have widely adopted agile development practices...
Ransomware-as-a-service gang LockBit has set up a bug bounty program for its malware and for exploitable vulnerabilities it could use to further criminal activities. Whether the program will go as planned is an open question. The gang is offering $1,000 to $1 million in remuneration.
Unlocking the data generated by ransomware attacks is helping organizations better understand the risks, adopt defensive technologies and prepare for future attacks, says Wade Baker, partner at Cyentia Institute. He discusses new data on how quickly organizations are remediating vulnerabilities.
Four ISMG editors discuss important cybersecurity issues, including how Canada's Desjardins Group settled a data breach lawsuit for $155 million, how Facebook is being sued after allegedly violating patient privacy, and highlights from ISMG's Northeast Summit held in New York this week.
Effective security and risk programs require not just domain mastery but making security accessible to boards of directors and senior officers, says Karin Höne, the group chief information security and risk officer of South Africa-based multinational Barloworld.
Blockchain company Harmony has offered a $1 million bounty to hackers who stole $100 million worth of Ethereum tokens. It says it won’t push for criminal charges if the funds are returned. The exploit did not affect the trustless Bitcoin - BTC - bridge, the company says in its tweet thread.