TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft.
As e-commerce explodes during the global CIVD-19 pandemic, transaction authentication is more critical for fraud prevention, says Phil Dunkelberger of Nok Nok Labs, who discusses the latest fraud trends.
CISA issued a warning to organizations running Pulse Secure VPN servers that their networks may still be vulnerable to hacking even if they applied patches for a previous flaw. Attackers are now using stolen Active Directory credentials to access networks.
"Fraud guides" designed to assist cybercriminals in carrying out schemes that leverage stolen financial or personal data are the most common offerings on three prominent dark net marketplaces, according to security firm Terbium Labs.
For many cybercrime investigators, it's all about indicators of compromise - evidence that a crime has occurred. But what if you were to shift toward cataloging behaviors that could indicate an attack is ongoing or imminent? Sam Curry of Cybereason explains the IoB concept.
Ads for phishing kits doubled last year on underground forums and dark net markets, with prices skyrocketing over 149 percent - an apparent indicator of strong demand, according to security firm Group-IB.
The State Department is offering a $5 million reward for information about North Korean-sponsored hacking campaigns, according to an advisory released this week by several U.S. agencies about the ongoing threat these campaigns pose to financial institutions and others.
Many criminals are continuing to tap cybercrime platforms and services to make it easier to earn an illicit paycheck, sometimes by combining tools, such as Emotet, Ryuk and TrickBot. This "loader-ransomware-banker trifecta has wreaked havoc" in recent years, says security firm Intel 471.
Two recently uncovered phishing campaigns used COVID-19 themes as a lure in an attempt to spread ransomware and information stealers, according to Palo Alto Networks' Unit 42 division.
In January, hackers reportedly compromised portions of the New York state government's computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software. Although state officials say no data was compromised, the attack reportedly disabled some state agency information systems.
Fraudsters waging business email compromise schemes are attempting to steal money from state agencies and healthcare providers that are buying medical equipment and supplies to combat the COVID-19 pandemic, the FBI warns.
As the COVID-19 crisis continues, healthcare organizations need to ramp up efforts to mitigate the threats posed by cybercriminals who are trying to exploit the chaos, says attorney Jason G. Weiss, a cyber forensics expert and retired FBI agent.
Dutch police have shut down 15 DDoS booter sites over the course of a week. Meanwhile, they've arrested a 19-year-old in connection with DDoS attacks on two government websites.
The SEC has settled charges against two traders who were accused of profiting from the hacking of an SEC EDGAR system server in 2016. The Ukrainian man who allegedly hacked the system by bypassing its authentication control remains at large.
Travelex, a London-based foreign currency exchange that does business in 26 countries, including the U.S., paid a ransomware gang $2.3 million to regain access to its data following an attack, the Wall Street Journal reports. The incident crippled the company's customer services for weeks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
