A variant of the TrickBot Trojan bypasses two-factor authentication for mobile banking, for example, by intercepting one-time codes sent over SMS, according to IBM X-Force.
Microsoft has confirmed that a serious flaw in Windows SMB_v3 exists that could be exploited by attackers to remotely seize control of vulnerable systems. While no attacks have been seen in the wild, no patch for the wormable flaw is yet available. A workaround exists for servers, but not clients.
The rapidly evolving threat environment requires a multilayered protection strategy - one that closes the technical and human gaps - for every organization to maximize its cybersecurity performance and minimize the risk of falling victim to sophisticated attacks, including phishing, malware and ransomware which can...
Visser Precision, a U.S. manufacturer that supplies Boeing, Lockheed Martin, Tesla and SpaceX, appears to have been hit by the DoppelPaymer ransomware gang, which has begun leaking internal data and threatening to leak more unless the victim pays a ransom.
The operators behind the "Raccoon" infostealer Trojan have added new capabilities to this malware-as-service offering, which now has the ability to steal data from over 60 applications, according to researchers at the security firm CyberArk.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
Emotet malware alert: The U.S. Cybersecurity and Infrastructure Security Agency says it's been "tracking a spike" in targeted Emotet malware attacks. It urges all organizations to immediately put in place defenses to not just avoid infection, but also detect lateral movement in their networks by hackers.
British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.
Attackers are hitting unpatched Pulse Secure VPN servers with Sodinokibi - aka REvil - ransomware, British security researcher Kevin Beaumont warns. Pulse Secure says that although many organizations have installed the critical April 2019 patch, holdouts persist.
The U.S. Coast Guard issued a security alert this month after a ransomware attack took down the IT network of an unnamed maritime facility. Investigators believe that the incident involved the Ryuk ransomware strain and started with a phishing email.
Warning: Attackers wielding LockerGoga and MegaCortex ransomware have been hitting large corporate networks, sometimes first lingering for months. That's according to a new FBI flash alert, as reported by Bleeping Computer, which essentially tells would-be victims: Please, get your defenses in order now.
Three member of a cybercriminal gang that used the GozNym malware platform to steal approximately $100 million from victims across the world have been sentenced for their roles in the scam, according to U.S. Justice Department and prosecutors in the country of Georgia.
The MyKings botnet, which has been spreading cryptominers and other malware, continues to grow in sophistication, using steganography to hide malicious updates, Sophos Labs reports. New research also shows attackers are exploiting the EternalBlue vulnerability in Windows.
The latest edition of the ISMG Security Report discusses the recent ransomware attacks on the city of New Orleans as well as other units of local government and schools. Also featured: discussion on security issues for IoT and legacy medical devices.
The gang behind Maze ransomware has begun publicly identifying its victims and listing data that it exfiltrated from systems before leaving them crypto-locked. The intent is clear: By naming and shaming victims, the Maze gang is trying to compel them to pay.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.
