A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using World Health Organization images as a lure.
Emotions about the global pandemic are running high, and attackers are taking advantage. Researchers have observed criminals spreading malware by impersonating official sources, distributing malicious COVID-19 maps and trackers, and malvertising on coronavirus-related news stories.
As security professionals, we...
Data breaches expose a wealth of personal information that can enable cybercriminals to bypass security measures, take over accounts, and compromise enterprise networks. To provide a snapshot of the breach exposure affecting major enterprises, we examined SpyCloud's database and found:
412 million breach assets tied...
Russian authorities typically turn a blind eye to cybercrime committed by citizens, provided they target foreigners. But as the recent "BuyBest" arrests of 25 individuals demonstrate, authorities do not tolerate criminals that target Russians, and especially not anyone who targets Russian banks.
In the age of same-day shipping and instant person-to-person payments, the
phrase "the check is in the mail" sounds antiquated. And it is. Even as organizations
continue their march to digital payments, plenty of paper still exists.
Many organizations have transformed some of their accounts payable (AP)...
Threat intelligence consumers must realize the limitations faced by producers and formulate their own analysis and integration of third-party threat intelligence to incorporate other sources to fill in gaps where possible.
Download this report and learn how:
Malware-exclusive analysis may miss vital aspects of a...
Microsoft has confirmed that a serious flaw in Windows SMB_v3 exists that could be exploited by attackers to remotely seize control of vulnerable systems. While no attacks have been seen in the wild, no patch for the wormable flaw is yet available. A workaround exists for servers, but not clients.
Hackers and cybercriminals have reached a level of maturity and efficiency unsurpassed in the history of cyberwarfare, resulting in a dramatic increase in attack frequency, complexity and size.
Although these threats constitute a clear and present danger to organizations worldwide, knowledge is power. This Hacker's...
The rapidly evolving threat environment requires a multilayered protection strategy - one that closes the technical and human gaps - for every organization to maximize its cybersecurity performance and minimize the risk of falling victim to sophisticated attacks, including phishing, malware and ransomware which can...
Visser Precision, a U.S. manufacturer that supplies Boeing, Lockheed Martin, Tesla and SpaceX, appears to have been hit by the DoppelPaymer ransomware gang, which has begun leaking internal data and threatening to leak more unless the victim pays a ransom.
If you're in charge of IT security and your system gets knocked out of commission by a malware attack, this might be a resumé-generating event (RGE). A significant number of people lose their jobs in the wake of a ransomware attack or some other data breach.
To ensure you are not the next, download this white...
The operators behind the "Raccoon" infostealer Trojan have added new capabilities to this malware-as-service offering, which now has the ability to steal data from over 60 applications, according to researchers at the security firm CyberArk.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
Emotet malware alert: The U.S. Cybersecurity and Infrastructure Security Agency says it's been "tracking a spike" in targeted Emotet malware attacks. It urges all organizations to immediately put in place defenses to not just avoid infection, but also detect lateral movement in their networks by hackers.