The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler.
Venture capital firm Sequoia Capital confirmed it was recently involved in a "cybersecurity incident," but offered no details on exactly what may have transpired. Cybersecurity teams and law enforcement agencies have been notified.
As tax season begins, the Internal Revenue Service is warning that it's seeing signs of fraudsters spoofing the agency's domains and incorporating its logos and language into phishing campaigns.
Individuals suspected of providing hacking, logistical and financial support to the Egregor ransomware-as-a-service operation have been arrested by police in Ukraine as part of a joint operation with French cybercrime police coordinated by Europol, according to a French media report.
The ongoing lockdown may be complicating the path of Cupid's arrows. But as another Valentine's Day rolls around, authorities are warning that romance scammers - and other types of fraudsters - are alive and well and have been increasingly preying on unsuspecting victims around the world.
Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.
Small businesses have been disproportionately affected by hackers in recent months. To aid in countering the threat, Mastercard has launched a cybersecurity education effort targeting this market segment. Paul Trueman, a senior vice president Mastercard, explains the “Trust Center” initiative.
Trickbot appears to be making a comeback with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis by Menlo Security. Researchers had warned the malware might surface again after a coordinated takedown of the botnet's infrastructure in 2020.
The number of data breaches being reported in the U.S. and elsewhere each year continues to decline. But security experts say this unfortunately can be explained by criminals increasingly focusing on lucrative ransomware and business email compromise scams, which require scant data to be successful.
Microsoft researchers say that a North Korean hacking group that the company calls "Zinc" - which is better known as the Lazarus Group or Hidden Cobra - likely was responsible for targeting vulnerability researchers in an attempt to steal information via a backdoor.
Wireless carrier UScellular is investigating an incident involving hackers tricking employees into downloading malicious software that compromised a customer relationship management platform, exposing personal data.
Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.
The security firm FireEye reports that a recently uncovered phishing campaign spoofed DHL's delivery service as way to collect personal information, including credit card data, from victims.
A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
