Microsoft has confirmed that a serious flaw in Windows SMB_v3 exists that could be exploited by attackers to remotely seize control of vulnerable systems. While no attacks have been seen in the wild, no patch for the wormable flaw is yet available. A workaround exists for servers, but not clients.
Microsoft along with its partners from 35 countries has taken coordinated legal and technical action to disrupt Necurs, one of the largest botnets in the world, the company announced in a Tuesday blog post.
As COVID-19 spreads, cybercriminals are sending more phishing emails that use the health emergency as a lure, according to security researchers. The European Central Bank is among those issuing warnings.
Security firm Emsisoft is offering free, customized decryptors to victims of PwndLocker ransomware, which first surfaced in late 2019 and has been tied to attacks against Lasalle County in Illinois and the Serbian city of Novi Sad, with the gang demanding up to $660,000 or more in bitcoins from its victims.
RSA 2020 touched on a number of topics, including the security of elections and supply chains, plus AI, zero trust and frameworks, among many others. But from sessions on cryptography, to this year's lower attendance, to the antibacterial dispensers dotted around venues, concerns over COVID-19 also dominated.
A key disconnect exists between awareness of financial services fraud schemes and mitigation, according to the latest "Faces of Fraud" survey sponsored by Appgate. Mike Lopez, vice president at the firm, describes some key findings.
Visser Precision, a U.S. manufacturer that supplies Boeing, Lockheed Martin, Tesla and SpaceX, appears to have been hit by the DoppelPaymer ransomware gang, which has begun leaking internal data and threatening to leak more unless the victim pays a ransom.
An alleged hacker who's accused of breaching the now defunct Ticketfly site in 2018 and exposing the personal information of about 27 million account holders has been indicted on a federal extortion charge, according to court documents filed by the FBI.
Mobile banking customers are being targeted by yet another SMS phishing campaign, according to new research from IBM X-Force. This time, however, in addition to trying to steal usernames and credentials, the attackers are also attempting to install Emotet malware.
A newly identified hacking group has been targeting gambling companies in Asia, the Middle East and Europe, using backdoors to steal source code and other data, according to new research from security firm Trend Micro.
Unpatched Fortinet, Palo Alto and Pulse Secure VPN servers, as well as Citrix gateways, continue to be targeted by hackers, who are exploiting critical flaws to install backdoors inside corporate networks. Security firm ClearSky warns that apparent Iranian APT attackers are the latest to join the fray.
Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout.
Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security. The thefts were part of a malvertising campaign that had been active for at least a year, the researchers say.