The notorious Qbot banking Trojan is making a comeback with new features and capabilities that enable it to more effectively steal victims' financial data and credentials, according to cybersecurity researchers at F5 Labs.
Vulnerabilities due to "coding errors" in a number of mobile banking applications make them all too susceptible to hacking and customer account data theft, the security firm Positive Technologies warns.
If your organization gets hit by ransomware, what should happen next? Ideally, organizations will get help to identify the best response, says Kroll's Alan Brill. He notes that many organizations are now carrying cyber insurance coverage, in part, to gain rapid access to incident response tools and expertise.
An internal CIA report from 2017 - just released in heavily redacted form - found that the agency's failure to secure its own systems facilitated the massive "Vault 7" data breach that enabled classified information, including details of 35 CIA hacking tools, to be leaked to WikiLeaks.
The Trump administration's continued press against China snared an unintended victim: America's own influence over 5G standards development. But the U.S. Commerce Department says a new rule will free U.S. firms to work with any company, including China's Huawei, on developing new telecommunications standards.
Scammers are looking to capitalize on the extortion campaigns being conducted by the Maze ransomware gang and others by demanding thousands of dollars in ransom to not release data they claim to have exfiltrated when in fact no attack took place and no data was removed, according to security firm WebARX.
Jewelry retailer Claire's says Magecart attackers hits its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details. Security firm Sansec, which discovered the breach, says Magecart attacks have grown more targeted during lockdown.
The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET. This hacking group, which appears to have ties to Russia, has primarily targeted Ukraine for years.
Microsoft's Azure Security Center has detected a new hacking campaign that for the first time specifically targets the Kubeflow platform on Kubernetes and uses XMRig cryptominer to mine for monero across multiple clusters.
Researchers at MIT and the University of Michigan have uncovered multiple security flaws in the online voting platform OmniBallot which could allow hackers to access and manipulate voter data. The platform is currently in use in three states for military personnel and disabled residents.
The attack sounds ripped from an episode of TV show "24": Hackers have infiltrated a government network, and they're days away from unleashing ransomware. Unfortunately for Florence, a city in Alabama, no one saved the day, and officials are sending $300,000 in bitcoins to attackers for a decryption key.
Cybereason's latest honeypot-derived research reveals that threat actors are increasingly targeting critical infrastructure providers with multistage ransomware attacks. CISO Israel Barak details why these strikes are so prevalent and concerning.
The latest edition of the ISMG Security Report discusses Europol's launch of the European Financial and Economic Crime Center, and also details the London Met's perspective on recent cybercrime trends, and to need to maintain a paper audit trail for mobile voting.