ScarCruft, a Korean-speaking APT group that has been targeting organizations mainly in Southeast Asia over the past three years, is developing new malware that targets Bluetooth-enabled devices, according to Kaspersky Lab.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
For the first time, members of the secretive "Five Eyes" intelligence-sharing group will make a joint public appearance to discuss how they collaborate, sharing a stage in Glasgow, Scotland, during the CyberUK conference. The Five Eyes alliance comprises Australia, Canada, New Zealand, the U.K. and U.S.
Security researcher Zammis Clark, who pleaded guilty to hacking Microsoft - with an accomplice - and later Nintendo, as well as stealing data and uploading malware to Microsoft's network, has received a suspended sentence.
A sophisticated attack campaign dubbed "Operation ShadowHammer" involved an advanced persistent threat group planting backdoors within Asus computers by subverting the Taiwan-based PC maker's third-party supply chain and updater software, Kaspersky Lab warns.
Life after WannaCry and NotPetya: Europol, the EU's law enforcement intelligence agency, wants member states to be able to rapidly respond to the next big cyberattack against Europe. But with warnings of ongoing Russian election interference campaigns, the next big attack may already be underway.
Script-based payment card malware continues its successful run, impacting a range of e-commerce sites, security researchers warn. With fraudsters continuing to refine their tactics, countering card-sniffing scripts continues to be difficult.
Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it. To help safeguard others, security experts have called on Hydro to release precise details of how it was hit.
The notorious carder site Joker's Stash is featuring a fresh batch of Pakistani banks' payment card data with an estimated street value of $3.5 million. Nearly all of the 70,000 bank cards are advertised as being from Meezan Bank, the country's largest Islamic bank, Group-IB reports.
Recent apparently state-sponsored hack attacks have hit dozens of companies in the U.S. and political parties in Australia. Officials say China and Iran appear to have escalated their online espionage campaigns, seeking to gather better intelligence and steal intellectual property.
This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017, while in the U.K., Action Fraud says reported romance scam losses in 2018 topped $64 million.
British police say they're doing their best to cope with the possibility that the U.K. will crash out of the EU in 45 days and lose access to joint policing resources. But Richard Martin of the Met Police says replacements "will not be as efficient or effective as the tools we currently use."
Remote browser isolation eliminates both web-based threats such as drive-by-downloads and email-based attacks like phishing and ransomware. The technology removes the browsing process from the desktop and moves it to the cloud, effectively creating an "air gap" between the Internet and enterprise networks. Gartner...
The adoption of SaaS applications is transforming the secure web gateway (SWG) product category, propelling the growth of cloud-based SWG market 6X over appliance-based SWG products. Remote browser isolation has emerged as a key next generation technology for SWGs since it provides more comprehensive protection...
Japan plans to identity vulnerable internet of things devices the same way hackers do: by trying to log into them. The country wants to gauge its cybersecurity readiness for next year when it hosts the summer Olympics. If vulnerable devices are found, the plan is to notify device owners.