The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler.
The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.
Multiple critical vulnerabilities that could enable hackers to access sensitive data have been found in India's National Critical Information Infrastructure Protection Center, and most of them remain unpatched, says ethical hacking group Sakura Samurai.
The "Cuba" ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California's Department of Motor Vehicles as well as many cities in Washington. Victim organizations say AFTS is investigating the incident and that an unknown amount of individuals' data was exposed.
This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.
In an update on the investigation into the SolarWinds supply chain attack, Deputy National Security Adviser Anne Neuberger said the Biden administration is preparing "executive action" to address security shortcomings that have come to light.
A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice.
In 2020, a cybercrime operation known as ShinyHunters breached nearly 50 organizations, security researchers say. And this year, it shows no signs of slowing down - it's already hacked e-commerce site Bonobo and dating site MeetMindful.
Since SEGs are missing so many phish, there’s a good chance other technologies - firewalls, anti-virus, and EDR - also aren’t spotting these threats. Such gaps can leave you vulnerable for hours or even days.
Bottom line: you can’t rely on SEGs alone. They’re the first line of defense, not the last...
Why are polymorphic attacks more successful? A campaign that lacks uniformity doesn’t look like a campaign and makes it difficult for security operators to keep rules up to date at the gateway. For many cybersecurity teams who lack bandwidth, finding the full scope of a polymorphic attack to quarantine is...
With a pandemic sweeping the world, countless businesses have had to move online to cope. This sudden surge in new online commerce has also led to a rise in cyber attacks, particularly through credit card fraud.
Download 'The State of Credit Card Fraud 2021' ebook and find out how you can protect your business from...
As the world comes to terms with the new normal, financial services and insurance firms must learn to balance good CX with proper fraud detection.
Download this study and read about how:
Firms have seen a 42% increase in year-over-year call volume because of the pandemic
83% of firms rely on contact center agents...
Interactive voice response (IVR) systems are now hubs for both customer care and associated fraud. This document describes how an end-to-end approach that spans time, channels and multiple data sources can detect activity by fraudsters and prevent their efforts to mine personal data and, ultimately take over...