After a hiatus, TA505 - a sophisticated APT group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers.
Scammers are blackmailing users of infidelity-focused dating site Ashley Madison using leaked data from 2015, warns security firm Vade Secure. The sextortion shakedown is a reminder that while data breaches may be a blip for corporate entities, for individual breach victims, the impact may last forever.
Cybercriminals are using fake email messages about the coronavirus to spead the Emotet Trojan and other malware, according to reports released this week by IBM and Kaspersky.
Police in the United Kingdom have arrested six suspects as part of a money laundering investigation tied to the February 2019 theft of $14 million from one of Malta's largest banks. Officials say malware-wielding attackers moved money to accounts in the U.S., U.K., Czech Republic and Hong Kong.
A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused.
The latest edition of the ISMG Security Report discusses the ramifications of the U.K's decision to allow limited use of Huawei's equipment in 5G networks. Plus: Updates on Wawa's stolen card data offered for sale and nascent security threats from social networks and drones.
A former moderator for the now-defunct AlphaBay darknet marketplace site pleaded guilty this week to a federal racketeering charge and could face up to 20 years in prison.
The United Nations did not reveal hacks last year that compromised dozens of servers and domains and may have exposed sensitive data, including information related to human rights abuses, according to The New Humanitarian news agency.
A long-running marketplace for selling stolen payment card data claims it has 30 million stolen payment cards that experts believe are linked to the breach at Wawa convenience stores late last year. The breach is one of the largest ever involving card-related data.
Trend Micro researchers created a phony "smart factory" that lured attackers, demonstrating how they are increasingly focusing on industrial control systems and have become adept at planting malware within vulnerable infrastructure.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
Police in Indonesia have arrested three suspected members of an e-commerce hacking crew that used JavaScript sniffing code to steal customer and payment card data. The arrests came as part of Interpol's ongoing anti-skimming operation, codenamed "Night Fury," targeting hackers in southeast Asia.
A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42.
Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications. In this exclusive interview, DeWalt opens up on application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020.
Aleksey Burkov, who was extradited from Israel to the U.S. in November, plead guilty this week to several federal charges related to his site "Cardplanet," which trafficked in stolen payment card data.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
