The latest edition of the ISMG Security Report analyzes the hacking of high-profile Twitter accounts. Also featured: Addressing security when offices reopen; the role of personal protective equipment, or PPE, in money laundering during the pandemic.
Twitter says attackers who hijacked more than 130 high-profile Twitter accounts used social engineering to bypass its defenses, including two-factor authentication on accounts. Experts say companies must have defenses in place against such schemes, which have long been employed by fraudsters.
A group of spoofed cryptocurrency trading apps is targeting devices running macOS to install malware called Gmera, security firm ESET reports. The malware can steal users' data as well as their cryptocurrency wallets.
Continuous authentication can play a key role in combating fraud, says John Buzzard, lead fraud and security analyst at Javelin Strategy & Research, who discusses the role of behavioral biometrics.
After a nearly six-month hiatus, the Emotet botnet has sprung back to life with a spam campaign targeting the U.S. and U.K., according to security research reports. Victims are hit with phishing emails that contain either a malicious URL or Word document attachment that downloads malware.
An Iranian-backed hacking group appears to have accidentally left over 40 GB of training videos and other material exposed online, according to researchers at IBM, who found the unprotected server. The material includes videos describing attacks aimed at U.S. Navy and State Department personnel.
Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.
Voice-controlled assistants can be fooled by replaying a recording of someone's voice. But researchers with Australia's Commonwealth Scientific and Industrial Research Organization and Samsung Research say they've developed a lightweight software tool to detect such attempts, which are difficult to defend against.
The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.
Fraudsters are using a revamped version of the Alina Trojan to target Windows-based POS devices to steal payment card data, according to Century Link's Black Lotus Labs. The malware operators are using unsecured DNS protocols to exfiltrate the data.
Payment card hackers are now hiding malicious JavaScript inside an image's EXIF metadata and then sneaking the image onto e-commerce sites, according to the security firm Malwarebytes.
A Russian national charged in connection with co-creating the Infraud Organization's online cybercrime forum that sold stolen payment card data and was tied to $530 million in fraud losses has pleaded guilty.
Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro, which says five of those cities had already been victims of similar Magecart-style attacks in recent years.
Troy Leach of the PCI Security Standards Council discusses how the shift to card-not-present transactions during the COVID-19 pandemic has created new fraud-fighting challenges and offers an update on pending standards revisions.
This video highlights how visibility into the illicit communities where credentials are leaked can help organizations establish or refine password policies.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.