The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.
The U.S. Treasury Department on Thursday imposed sanctions on an Iranian advanced persistent threat group, 45 associated individuals and a front company the Iranian government allegedly used to run a years-long malware campaign that targeted Iranian dissidents, journalists and others.
Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.
Many financial institutions have deployed fraud fusion centers as a way to help mitigate risks. But as fraudsters revamp their techniques, banks need to revamp these centers to keep up, says Jeff Dant of BMO Financial Group, who will speak at ISMG's Virtual Cybersecurity and Fraud Summit: Toronto.
Two Iranian nationals have been charged with participating in a years-long hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East to steal "hundreds of terabytes" of data, according to the U.S. Department of Justice.
Stop me if you think you've heard this one before: Some ransomware attackers are hiding attack code in virtual machines or creating new leaking sites to pressure victims into paying.
Federal prosecutors have unsealed indictments charging five Chinese suspects - alleged members of the China-linked APT41 hacking group - with breaching more than 100 companies, government agencies and other organizations around the world.
The hacking group "Pioneer Kitten," which has suspected ties to the Iranian government, is taking advantage of several unpatched vulnerabilities and using open source tools to target U.S. businesses as well as federal government agencies, according to the Cybersecurity and Infrastructure Security Agency.
From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe's Magento software, possibly resulting in the theft of payment card data, according to Sanguine Security.
National Guard units are commonly called up to help deal with the aftermath of a natural disaster. And they played a role in responding to the COVID-19 pandemic and civil unrest. But some states are now calling out the National Guard to help safeguard elections from online attacks and interference.
As small businesses apply for loan forgiveness under the Paycheck Protection Program, and banks who made the loans on behalf of the Small Business Association investigate whether any were fraudulently obtained, fraud-detection technologies will play a critical role, says Frank Mckenna of Point Predictive.
The U.S. Cybersecurity and Infrastructure Security Agency warns that hacking groups backed by the Chinese Ministry of State Security are exploiting several unpatched vulnerabilities to target federal agencies.
A Russian national who is allegedly part of an ongoing disinformation campaign targeting the upcoming U.S. election faces a charge of conspiracy to commit wire fraud, according to the U.S. Justice Department.
Independent bug hunters who find flaws in products and services often struggle to hand off their vulnerability report to someone in a position to get it fixed, says longtime security researcher Daniel Cuthbert. He describes steps organizations must take to be able to receive - and act on - bug reports.
Russian, Chinese and Iranian hackers are targeting organizations and individuals associated with the Republican and Democratic U.S. presidential campaigns, Microsoft reports, noting that the majority of the attacks appear to have been blocked.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
