The security of hundreds of MSI products is at risk due to hackers leaking private code signing keys stolen during a data breach last month. The signing keys allow an attacker to push malicious firmware updates under the guise of regular BIOS update processes with MSI update tools.
The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India two weeks after the group demanded a $3 million ransom from the company. The stolen data includes "loan agreements with individuals and legal companies."
Researchers found Android malware masquerading as a legitimate application available and downloaded over 620,000 times from the Google Play store. The apps have been active since 2022, posing as legitimate photo-editing apps, camera editors and smartphone wallpaper packs.
Cybercrime has evolved over the decades, and criminals are running entities that function exactly like legitimate organizations. The high-revenue industry is growing, and those running it continue to improve at doing their jobs, said Jon Clay, vice president of threat intelligence at Trend Micro.
With MFA becoming ubiquitous, hackers are finding it increasingly difficult to use technical skills to penetrate protected systems, leading to an increase in attacks focusing on the human element, said Scott Hellman, supervisory special agent, FBI San Francisco.
The ransomware threat is becoming increasingly pervasive. At least 10,000 different variants are victimizing organizations that thought they were well-prepared to tackle this growing menace, said Vishak Raman of Fortinet, which recently released a report on ransomware trends.
Ukrainian law enforcement dismantled more than half a dozen bot farms and a virtual private network infrastructure spreading disinformation and fake Russian propaganda. Ukrainian authorities have dismantled a string of botnet operations in December, September and August of 2022.
A Tennessee medical clinic and surgery center is still struggling to fully recover two weeks after a "sophisticated criminal cyberattack" - which included an attempt to steal data - forced the entity to take its IT systems offline and cancel most patient services.
Ransomware hackers' favorite currency is cryptocurrency. Digital assets transfer millions of dollars each year from victims to cybercriminals. But that dependency is also an opportunity for law enforcement to hit ransomware hackers in their most vulnerable spot.
In the latest weekly update, Venable's Grant Schneider joins ISMG editors to discuss takeaways from the RSA Conference 2023, the state of software supply chain security post-SolarWinds, safeguards to prevent unintended adverse impacts of AI, and whether AI could be used to write and digest SBOMs.
When Russia launched its all-out war against Ukraine in February 2022, many cybersecurity watchers feared ransomware groups would serve as a proxy force. But Moscow doesn't appear to have deputized cybercrime-driven crypto-locking malware brigades.
Social media giant Meta took down hundreds of fake Facebook and Instagram accounts used by South Asia advanced persistent threat groups to glean sensitive information and coax users into installing malware. It found activity by threat actors affiliated with India and Pakistan.
Cybersecurity expert Mikko Hypponen recently got sent "LL Morpher," a new piece of malware that uses OpenAI's GPT to rewrite its Python code with every new infection. While more proof-of-concept than current threat, "the whole AI thing right now feels exciting and scary at the same time," he said.
Pharmaceutical giant Merck's insurers must cover the company's losses involving the 2017 NotPetya malware attack because the "all-risks" property insurance policies' "hostile warlike" exclusions do not apply to the incident, ruled a New Jersey appellate court this week.
Joe Sullivan, the former chief security officer of Uber, will not spend time in prison for his role in impeding a federal investigation into the ride-hailing company's security practices. His sentence is three years of probation and a $50,000 fine.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.