Carnival Corp., the world's largest cruise ship company, is investigating a ransomware attack that likely compromised customer and employee data, according its filing with the SEC. It's the company's second security incident this year.
Copycats using well-known threat actor names, such as Fancy Bear and Armada Collective, are launching extortion campaigns tied to distributed denial-of-service attacks against financial institutions, according to Akamai's Security Intelligence Research Team.
Ransomware gangs continue to see bigger payoffs from their ransom-paying victims, driven by "big-game hunting," data exfiltration and smaller players seeking larger returns, according to ransomware incident response firm Coveware.
A hacking group dubbed "CatusPete" is now using a revamped backdoor called Bisonal to target banks and military organizations in Eastern Europe, according to Kaspersky. Security analysts have previously tied the group to China.
The Canadian government is investigating two credential-stuffing incidents that affected some of the country's most essential services, including taxation, healthcare, welfare benefits and immigration.
Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data." No payment card data was exposed, it says.
After a data breach, organizations should use artificial intelligence to help combat fraud, says Jim Van Dyke, CEO at the security firm Breach Clarity, who offers strategic insights.
Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.
The IcedID banking Trojan has been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a DLL file that acts as a second-stage downloader, according to Juniper Threat Labs.
President Donald Trump has signed a new executive order that requires TikTok owner ByteDance to divest its U.S. operations within 90 days. In the new order, Trump cites national security concerns in demanding the Chinese company sell its American assets.
An alert from U.S. National Security Agency and the FBI warns of a recently discovered Russian-deployed malware variant called Drovorub that's designed to target Linux systems, creating a backdoor into targeted networks to exfiltrate data.
A new study from Sophos describes how the Dharma ransomware-as-a-service model offers low-skilled hackers the ability to profit from attacks on unprotected small businesses.
Who watches the penetration-testing testers? Questions are circulating over how some organizations train their employees for the CREST pen-testing certification after some leaked internal documents appeared to contain material from past tests.
The latest edition of the ISMG Security Report analyzes why Barclays is being investigated for allegedly spying on its employees. Also featured: How the pandemic is affecting CISOs; an FBI assessment of nation-state threats to U.S. election.
The U.S. Justice Department has seized more than $2 million worth of cryptocurrency from terrorist groups who solicited donations via social media and waged fraud campaigns.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.