A new Android malware that can steal financial data, credentials, crypto wallets, personal data and cookies; bypass multifactor authentication codes; and remotely control infected devices is targeting online banking customers and financial institutions, cybersecurity researchers at F5 Labs say.
A "technically sophisticated" threat campaign is cloning cryptocurrency apps to steal funds from web3 wallet users, security researchers at Confiant say. The campaign, dubbed SeaFlower, uses cloned wallet apps offered by MetaMask, Coinbase, imToken and TokenPocket to carry out the theft.
SSNDOB, a darknet marketplace selling stolen Social Security numbers and birthdates, has been shut down, says the U.S. Department of Justice. The takedown was the result of a multiagency effort involving the IRS-CI, the FBI, the DOJ, and law enforcement agencies of Cyprus and Latvia.
Billions of dollars have already been lost in crypto exchanges, and some of the some losses have been due to "basic" security failures, including third parties not implementing common controls, says Troy Leach, security executive in residence at Cloud Security Alliance.
Undisclosed attackers have likely stolen $1.7 million by deploying Clipminer, a cryptomining and clipboard hijacking malware, on compromised systems, says the Symantec Threat Hunter Team. According to the team, Clipminer is a copycat or an evolved version of cryptomining Trojan KryptoCibule.
Android spyware FluBot's infrastructure was disrupted by the Dutch police as part of a multinational law enforcement operation in May, rendering this strain of malware inactive, Europol says. The agency is continuing its probe into identifying the actors responsible for the malware campaign.
The FBI says in an alert that scammers have been posing as Ukrainian entities to fraudulently seek donations and other financial assistance for the war-torn country. The agency says scammers in the past have also used crises as opportunities to cash in with fraudulent donation schemes.
Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol says. But with known BEC losses last year exceeding $2.4 billion, will the arrest have a noticeable impact?
Financial services firms lose an average of $18.5 million per year through malicious activity like leaked credentials, payment fraud, money laundering, fake account registration, loyalty abuse, and more. Fraud prevention depends on effective intelligence gathering, and few firms have the tools or personnel to...
In this edition, Ari Redbord and Grant Schneider join ISMG editors to discuss the challenges ahead for the U.S. government as it plans to roll out EDR deployments at more than half of federal agencies this year, how stable the stablecoin economy really is and how to improve industry collaboration.
There has been a rise in crypto fraud, and a substantial portion of it can be attributed to stimulus funding and paycheck protection programs, says David Britton, vice president of strategy, global ID and fraud at Experian. He discusses new authentication methods and stricter regulations.
The new Expel Quarterly Threat Report provides data on what we’re seeing,
detection opportunities, and resilience recs to help protect your organization.
We’ll dive into the trends in this report, based on incidents the Expel security
operations center (SOC) team identified through investigations into...
Criminals are doubling down on their use of information-stealing malware, such as Cryptobot, RedLine Stealer and QuilClipper, to steal private keys and siphon off cryptocurrency being stored in internet-connected hot wallets or to raid cryptocurrency holders' online exchange accounts.
In the latest update, four editors at Information Security Media Group discuss the intriguing insights exposed by the leak of ransomware gang Conti's internal communications, the U.S. Treasury's first-ever sanctions on a cryptocurrency mixer and the latest cyber activity in Russia's hybrid war.
In the latest "Proof of Concept," Ari Redbord, head of legal and government affairs at TRM Labs, and former CISO David Pollino of PNC Bank join editors at ISMG to discuss the U.S Treasury's decision to sanction cryptocurrency mixer Blender.io. They also assess software supply chain security.