More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.
Twilio, which runs a customer engagement platform used by thousands of businesses, says that its employees were tricked via SMS phishing messages into giving attackers their login credentials, resulting in the theft of information on customers, as well as their customers and end users.
The US Consumer Financial Protection Bureau reportedly plans to release new guidance requiring banks to reimburse consumers for certain money-transfer service scams. Ken Palla, former director at Union Bank, says banks might look to the U.K. for examples of how to stop authorized push payment fraud.
Premint NFT platform users became victims last weejend of one of the biggest NFT attacks ever. The company says an open-source vulnerability led to the compromise of its website, resulting in its users losing about $500,000 worth of blockchain assets.
The cybercriminals behind BlackCat ransomware have upgraded their arsenal by adding Brute Ratel, a pen-testing tool with remote access features that are used by attackers. The group targets large corporations in different industry segments across the U.S., Europe and Asia.
Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes. From there, they emailed corporate vendors to obtain financial data.
Thieves behind a phishing campaign targeting investors into a cryptocurrency exchange got away with at least $8 million. The attack took advantage of human credibility, not a cybersecurity exploit in the Uniswap protocol, experts say. The stolen funds are being laundered in a cryptocurrency mixer.
The government of Puerto Rico announced an investment of $7.6 million toward strengthening cybersecurity on the island. The island has undergone a string a embarrassing cybersecurity incidents, including a phishing incident that stole $2.6 million of taxpayer dollars.
The past few years have shown us a tremendous shift in BEC attacks, which changed its strategies from Executive Impersonation to opting to impersonate third party vendors and suppliers instead. This shift has given the threat actors a plethora of additional trusted identities to exploit.
This Threat Intelligence...
Hotel chain Marriott International Inc. confirmed reports of a data breach and attempted extortion incident. Unknown hackers claim to have stolen 20 gigabytes worth of data but the hospitality giant tells ISMG only one system was compromised and no critical business or customer data was exposed.
The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.
Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.
For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.
Putting banners in emails to alert recipients to the potential dangers lurking in messages is a highly effective way to keep employees safe from phishing attacks. A lot of specialists in anti-phishing technology fall into a category analyst firm Gartner calls Cloud Email Security Supplements (CESSs). Every one of...
"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.