The group behind the Sea Turtle espionage campaign that was exposed in April is expanding its geographic reach and claiming new victims, according to researchers with Cisco's Talos unit.
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users.
A former software engineer for an Illinois-based locomotive manufacturer allegedly stole proprietary information and other intellectual property from the company before fleeing to China, according to an indictment the U.S. Justice Department unsealed Thursday.
A new ransomware strain called eCh0raix is targeting enterprise storage devices sold by QNAP Network by exploiting vulnerabilities in the gear and bypassing weak credentials using brute-force techniques, warns security firm Anomali.
A cybercriminal gang associated with the umbrella organization known as Magecart has been inserting malicious JavaScript into unsecured Amazon Web Service S3 buckets to skim payment card data, according to research published by RiskIQ. So far, 17,000 infected domains have been identified.
If you analyze any of the recently published cyber attacks, two patterns emerge:
80-90% of the attacks exploit an unpatched vulnerability or an unhardened, widely open system
70% of the attacks begin at the endpoints
While "cool" new products create a lot of buzz, cyber hygiene is often ignored. But, it must be...
So many products, so little value.
Organizations invest in multiple security products, train employees and manage activities, yet don't achieve their security goals. IT environments and endpoints are still vulnerable to attacks and exploits.
Most products have complicated or feature-rich functionality but only...
Security requirements need to be understood holistically in the context of your entire IT environment. Products and tools need to effectively address requirements without contributing to the chaos. Budgets and human resources are limited and need to be applied for maximum benefit.
But with hundreds of product...
The U.S. Coast Guard has issued an alert about an increase in malware attacks targeting the networks of commercial vessels. It's warning ship owners to take more cybersecurity precautions.
Ransomware plays on ever-bigger stages, but the fundamental question remains: To pay or not to pay? Fortinet's Sonia Arista, a former CISO, weighs in on ransomware and other hot breach trends.
Britain's privacy watchdog has proposed a record-breaking $230 million fine against British Airways for violating the EU's General Data Protection Regulation due to "poor security arrangements" that attackers exploited to steal 500,000 individuals' payment card data and other personal details.
HSBC paid a record $1.92 billion fine for money laundering violations in 2012. But no one ever went to jail for the crimes. Whistleblower Everett Stern discusses lessons learned from the case and the concept of "too big to jail."
Britain's biggest provider of forensic services, Eurofins, has paid a ransom to attackers who crypto-locked its systems with ransomware, the BBC reports. Experts say it's part of an alarming trend that seems sure to further embolden ransomware-wielding criminals.
Déjè' vu basic cybersecurity challenge all over again: With the U.S. government warning that geopolitical tensions could trigger wiper-attack reprisals, security experts review the basic anti-wiper - and anti-ransomware - defenses organizations should already have in place.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
