The prolific TA505 cybercrime group targeted corporate networks across Europe using spear-phishing emails to spread the SDBbot remote access Trojan, according to IBM X-Force researchers. The malicious messages were disguised as emails from HR departments.
The latest edition of the ISMG Security Report offers a discussion of the potential insider threats posed by the remote workforce during the COVID-19 crisis. Also featured: An update on payment fraud shifts and the long-term outlook for the cybersecurity market.
As countries pursue national 5G rollouts, an unwanted security challenge has intensified: Some extremists have been vandalizing or even firebombing transmitter masts, driven by conspiracy theories suggesting not only that 5G poses a public health risk, but that it also helps cause COVID-19.
The State Department is offering a $5 million reward for information about North Korean-sponsored hacking campaigns, according to an advisory released this week by several U.S. agencies about the ongoing threat these campaigns pose to financial institutions and others.
The ransomware threat has scaled up to match the new remote workforce. But have backup policies and incident recovery procedures improved to keep pace? David Shaw and John Bilotti of Nasuni share tips on ransomware recovery, remote file-sharing and business continuity.
Can you "big tech" a way out of a pandemic? Many governments around the world are trying, and Australia is joining the herd with a contact tracing app. But Australia has a splotchy record of large government tech projects, including in health, that may result in low voluntary adoption of an app.
Many criminals are continuing to tap cybercrime platforms and services to make it easier to earn an illicit paycheck, sometimes by combining tools, such as Emotet, Ryuk and TrickBot. This "loader-ransomware-banker trifecta has wreaked havoc" in recent years, says security firm Intel 471.
A global health crisis. A remote workforce. Economic uncertainty. These are key ingredients to fuel the insider threat. Randy Trzeciak of the CERT Insider Threat Center at Carnegie Mellon University offers tips for monitoring risky behavior and creating positive incentives to reduce risk.
TikTok, a video-sharing service, has been delivering video and other media without TLS/SSL encryption, which means it may be possible for someone to tamper with content, researchers say. That could be especially damaging in the current pandemic environment, where misinformation and confusion abounds.
Microsoft issued patches for three zero-day vulnerabilities as part of its most recent Patch Tuesday update. The software giant had previously warned users about two vulnerabilities in the Adobe Type Manager Library that were being exploited in the wild.
Two recently uncovered phishing campaigns used COVID-19 themes as a lure in an attempt to spread ransomware and information stealers, according to Palo Alto Networks' Unit 42 division.
In January, hackers reportedly compromised portions of the New York state government's computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software. Although state officials say no data was compromised, the attack reportedly disabled some state agency information systems.
Fraudsters waging business email compromise schemes are attempting to steal money from state agencies and healthcare providers that are buying medical equipment and supplies to combat the COVID-19 pandemic, the FBI warns.
The U.K. government says it's prepping a contact-tracing app in an attempt to help contain COVID-19. But a leading cybersecurity expert argues that the proposal amounts to little more than "do-something-itis" and urges a focus, instead, on expanded testing as well as ventilator production.
Dutch police have shut down 15 DDoS booter sites over the course of a week. Meanwhile, they've arrested a 19-year-old in connection with DDoS attacks on two government websites.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.