The Russian-language Clop crime group's mass exploitation of MOVEit file-transfer software demonstrates how criminals continue to seek fresh ways to maximize their illicit profits with minimal effort. Ransomware response firm Coveware says Clop may clear over $75 million from this campaign.
A U.S. couple is set to file a plea deal for their role in laundering $4.5 billion in cryptocurrency from the Bitfinex virtual currency exchange in 2016. Federal prosecutors say they moved crypto to hide their tracks, withdrew it from ATMs and used gift cards to spend the money.
A Florida hospital is notifying 1.2 million patients that their information was stolen by hackers in a cybersecurity incident that spanned for nearly three weeks in May as attackers tried to encrypt the entity's systems with ransomware. The hospital repelled the attack but couldn't stop the breach.
The count of organizations affected by the Clop ransomware group's attack on MOVEit file-transfer software users continues to grow, now numbering over 400 organizations that were directly or indirectly impacted. More than 20 million individuals' personal details were stolen in the attacks.
This week, the U.S. ambassador to China was the latest Chinese hack victim, Linux malware infected 70,000 routers, Norway banned Meta ads, the MOVEit breach affected 1.2 million more customers, a Russian medical lab suffered a ransomware attack, and Estée Lauder shut down systems after a breach.
Security researchers say the Chinese state-sponsored espionage group APT41 is using WyrmSpy and DragonEgg surveillance malware to target Android mobile devices. APT41 recently switched tactics to develop malware specific to the Android operating system.
Days after attributing the recent breach in its customer environment, enterprise software company JumpCloud on Thursday confirmed the involvement of a North Korean nation-state actor who appears to be financially motivated to steal cryptocurrency.
Cybercriminals are leveraging Google's paid advertisement service to push malicious sites on top search results in order to trick victims into downloading info stealers and backdoors. Researchers suspect it could be a workaround for the changes Microsoft made to protect against malicious macros.
Adobe released a fresh out-of-band security update to patch an improperly fixed ColdFusion zero-day vulnerability being actively exploited in the wild that allows attackers to bypass security controls. The update includes fixes for two other critical vulnerabilities.
Between July 14 and 20, senators introduced a bill to address DeFi risk, Nasdaq held back crypto custody plans, DeFi hackers laundered lesser amounts of stolen funds in the first half of this year than in H1 2022, and an Australian bank blocked payments to high-risk crypto exchanges.
While self-proclaimed Russian hacktivist groups such as KillNet, Tesla Botnet and Anonymous Russia claim they're wreaking havoc on anti-Moscow targets, a fresh analysis of their attacks finds that despite rampant self-promotion, their real-world cybersecurity impact is typically negligible.
Top U.S. and Australian cybersecurity agencies strongly urged users to patch a critical zero-day flaw in Citrix ADC and Gateway appliances being exploited by unnamed threat actors in the wild. The bug, which is tracked as CVE-2023-3519, gives unauthenticated attackers RCE privileges.
Many critical infrastructure sector organizations, especially smaller entities, will likely struggle to comply with an upcoming requirement to report cyber incidents to federal regulators within 72 hours - due to an assortment of reasons, said Stanley Mierzwa of Kean University.
Spanish law enforcement officers scored several recent wins against cybercriminals this month. Police nabbed a Ukrainian hacker on the run for 10 years, arrested a fraudster known to have run a smishing campaign that amassed 1.2 million euros, and broke up a phishing nexus - all in two weeks.
What are your third parties doing for you when it comes to security, and what has been assumed that you are doing, plus what’s the impact of AI? Bridget Kenyon, CISO at Shared Service Connected, said most organizations need better visibility into vendor risks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.