Researchers from Trend Micro have found a new infostealer malware strain, written in the AutoHotkey programming language, that is capable of stealing banking credentials from different web browsers.
The U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about the potential for fraud, ransomware attacks or similar types of criminal activity related to COVID-19 vaccine research and distribution organizations.
Identity management will be at the forefront of securing remote work in the coming year. Jason Bohrer, new leader of the Secure Technology Alliance and the U.S. Payments Forum, describes key initiatives as he steps into this role.
A recently uncovered payment card skimmer is targeting several large content management systems that support the online checkout pages of dozens of e-commerce sites, according to researchers with Sansec. The malware works by using a keylogger to harvest payment and personal data.
Kawasaki Heavy Industries is reporting that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
First you had 'shadow IT,' then 'shadow cloud.' Now enterprises are encountering 'shadow APIs' - and the lack of visibility into these interfaces is causing new, often overlooked cybersecurity vulnerabilities, says Subbu Iyer of Cequence Security.
He's commanded armed forces, directed the National Security Agency, and now he is president of vendor IronNet Cybersecurity. From this unique perspective, retired General Keith Alexander says the SolarWinds breach is "a call for action."
Cybercriminals are targeting online shoppers in the U.S. and Western Europe with fake Amazon gift cards that deliver the Dridex banking Trojan, the security firm Cybereason reports.
A cybercriminal gang known as "UltraRank" has launched a new campaign, targeting at least a dozen e-commerce sites to steal payment card data using a JavaScript sniffer, says security firm Group-IB.
After a nearly two-month hiatus, the Emotet botnet recently sprung back to life with a fresh spamming and phishing campaign designed to spread other malware as secondary payloads, according to security researchers. The botnet has also been revamped to better avoid network defenses.
An investigation at the U.S. Treasury Department has found that it suffered a "significant" breach as a result of the SolarWinds Orion supply chain attack, a top Democrat on the Senate Finance Committee reports. Meanwhile President-elect Joe Biden said of the attack: "I promise you, there will be a response."
The FBI, Europol and other law enforcement agencies shut down a virtual private network Tuesday that was providing a "bulletproof hosting service" that allowed cybercriminals to conduct illegal operations, including ransomware attacks, while remaining hidden from police.
A key player in the now-defunct "Silk Road" darknet marketplace who hid his involvement with the creation and operation of the website has been sentenced to eight months in federal prison for making false statements to federal investigators.
Microsoft says it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies. Meanwhile, CISA warns the SolarWinds Orion supply chain compromise may not be the only infection vector.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.