While malicious wipers have stolen most of the headlines in the Russia-Ukraine cyberwar, investigators say Russians are now using modified GammaLoad and GammaSteel info stealer malware to spy on compromised government employee accounts and avoid detection. The attack begins with a phishing email.
Hackers stymied by Microsoft's crackdown on macros are shifting to malicious OneNote attachments. Particularly worrying is the takeup of the tactic by an initial access broker associated with various ransomware infections, say researchers from Proofpoint.
Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than award-winning author and Data-Driven Defense Evangelist at KnowBe4, Roger Grimes. While researching his most recent book Hacking...
The Identity Theft Resource Center's 2022 Annual Data Breach Report reveals a near-record number of compromises - the second-highest number in 17 years. ITRC COO James Lee worries that a sudden lack of transparency in breach notices is creating more risk for consumers.
Russian and Iranian state-sponsored hackers are using advanced social engineering tactics to target journalists, defense organizations and academic and civil society organizations in the U.K. for cyberespionage campaigns, the British National Cyber Security Center warns.
Meta's popular social media platforms are increasingly being targeted by cybercriminals, and account takeover complaints rose over 1,000% last year. This social threat is spilling over into banks and government agencies, and experts criticize Meta for moving too slowly to address security issues.
Ukraine's top information protection agency says Russian cyberattacks are focusing on destruction of critical information infrastructure, spying and disinformation. Although efforts are underway, it will require $1.79 billion to completely restore the telecommunication sector, it says.
The IntSights deal has allowed Rapid7 to offer more visibility into the threat landscape and target the phishing infrastructure used by hackers. The deal has helped Rapid7 determine the spoofed domains and the employees and social media accounts that adversaries have targeted, CEO Corey Thomas says.
Authorized payment scams are growing, and regulators, lawmakers and banks are taking note. As some banks look at ways to reimburse customers for Zelle scams in 2023, experts expect technology vendors to focus on creating new solutions to detect scams and prevent such payments from being made.
In 2023, we'll see ransomware groups exploring new methods to get money from the same victims and entering the "the fifth generation of ransomware." Cybereason field CISO Greg Day shares his predictions for cybersecurity trends this year, from cloud security to deepfake scams.
Vista Equity Partners' specialization in enterprise software and bench of subject-matter experts should help KnowBe4 reach $1 billion in ARR, says CEO Stu Sjouwerman. The processes and tech stack that got KnowBe4 to $300 million in ARR today aren't necessarily what'll get the firm to $1 billion.
Check fraud, first-party fraud and AI-related fraud will increase on a massive scale in 2023, thanks in large part to growing insider threats and the global economic slowdown. Frank McKenna, chief fraud strategist at Point Predictive, explains how banks can prepare to tackle these types of scams.
Expect the recently leaked database containing over 200 million Twitter records to be an ongoing resource for hackers, fraudsters and other criminals operating online, experts warn. Though 98% of the email addresses have appeared in prior breaches, bad actors can merge databases and do more damage.
Authorized payment scams are on the rise, and banking regulators are putting pressure on financial institutions to do more to protect customers. The biggest challenge is that the customers are driving the process, says Bradley Haacke, vice president and financial crimes director at Fifth Third Bank.
Expel has released its latest quarterly threat report, which looks at continued identity-based attacks and the impact of MFA fatigue. Jon Hencinski shares insights on attack trends, gaps in compensating controls and what to look for in pre-ransomware activity.