Cybercriminals are "upping their game" by stealing and then auctioning off on the dark web administrative access credentials to healthcare organizations' clinician and patient portals, says Etay Maor of IntSights.
Two years after WannaCry wreaked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.
"Cobalt Dickens," a threat group with suspected ties to Iran, is continuing its attempts to steal intellectual property from schools and universities, according to an analysis by SecureWorks. The group's work continues even though several alleged members have been indicted by the Justice Department.
A global law enforcement operation has resulted in the arrest of 281 suspects allegedly involved in business email compromise scams. The announcement comes on the same day as the FBI's Internet Crime Complaint Center says that losses from BEC scams have hit $26 billion and are continuing to rise.
Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service, according a recently released report. The incident illustrates potential weaknesses in the power grid.
Cybercrime is surging thanks, in part, to the availability of inexpensive hacking tools and services. A recent look by security firm Armour at black market offerings finds stolen payment card data, RDP credentials, ransomware and DDoS services are widely available for sale.
In the past year, cybercriminals behind two of the biggest ransomware attacks have abandoned other techniques in favor of exploiting remote desktop protocol. Matt Boddy of Sophos explains why RDP attacks are so popular - and what you can do to discourage them.
Apple is criticizing recent Google research that describes an expansive iPhone hacking campaign, accusing Google of "stoking fear" among users of its products. Google says it stands by its blog post, which focused on technical findings.
Paige A. Thompson, who prosecutors allege hacked into Capital One's network to access millions of credit card applications, has pleaded not guilty to federal computer crime charges. Her tentative trial date is Nov. 4.
The federal tally of major health data breaches has spiked over the last month, mostly because of the American Medical Collection Agency incident, which led to nearly two dozen breach reports from the firm's affected clients.
As a fraud management leader, are you aware that social engineering is a widespread and increasingly common tactic used to takeover customer accounts? Learn more about why social engineering is one of the most dangerous and difficult to stop online crimes.
Facebook has confirmed that unprotected databases containing more than 419 million users' phone numbers contained data scraped from the social network. TechCrunch, which first reported on the development, says many of the exposed phone numbers can be tied to Facebook IDs and remain accurate.
A widely used brand of GPS location-tracking devices - for keeping tabs on children, elderly relatives and pets - have security flaws that could allow anyone with an internet connection to track the devices' real-time location and historical movements, warns security firm Avast.
Cyber defense is no longer about staying a step ahead - it's about trying to remain no further than a step behind the adversaries, says Moshe Ishai of HolistiCyber, who shares insights on how to regain an advantage.