Some fraudsters have pivoted from using the COVID-19 pandemic as a phishing lure to creating messages and malicious domains designed to capitalize on various U.S. economic stimulus programs.
The World Health Organization, which has been at the forefront of the global COVID-19 pandemic since the start of the year, has witnessed a "dramatic" increase in the number of cyberattacks since the crisis began, according to the organization's CIO.
It's not so much that the threats have changed amidst the COVID-19 pandemic. It's that the attack surface has broadened, and it's more challenging for defenders to coordinate intelligence, tooling and processes, says Jimmy Astle of VMware Carbon Black.
The notorious carder marketplace Joker's Stash is advertising a fresh batch of 400,00 stolen payment cards issued by both South Korea and U.S. banks, warns Group-IB. It says that on average, stolen APAC payment card data sells for five times more than stolen U.S. payment card data.
The U.S. National Security Agency and the Australian Signals Directorate offer guidance on how to mitigate the growing threat posed by attackers using web shells to create backdoors.
VictoryGate, a recently discovered botnet that infected about 35,000 devices with malware, has been disabled by researchers from security firm ESET. The botnet's main purpose was mining monero cryptocurrency.
The former vice president of finance at a Georgia-based medical supplies company has been charged with hacking into the firm's computers and "sabotaging" shipment of personal protective equipment in the midst of the COVID-19 crisis.
Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages.
Two recently uncovered spear-phishing campaigns targeted oil and gas firms in the U.S., Asia and South Africa with AgentTesla, a notorious information stealer, according to Bitdefender. These campaigns appear tied to the global oil crisis.
Cybercriminals are using spoofed messages and images from Zoom and Cisco WebEx as lures in new phishing campaigns that are designed to steal credentials or distribute malware, according to the security firm Proofpoint.
About 25,000 email addresses and passwords that are apparently for staff at the World Health Organization, the Gates Foundation, the U.S. National Institutes of Health and other organizations have been dumped online, according to the Washington Post.
About 267 million Facebook user IDs and other user information is being offered for sale on a dark net site for about $540, according to cybersecurity intelligence firm Cyble, which says the data, which does not include passwords, could be used for phishing and other schemes.
Massachusetts and Indiana have reached separate settlements with Equifax over the 2017 data breach that exposed the personal information of millions of residents of both states. The company will pay a total of almost $38 million to settle with the states.
TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft.
As e-commerce explodes during the global CIVD-19 pandemic, transaction authentication is more critical for fraud prevention, says Phil Dunkelberger of Nok Nok Labs, who discusses the latest fraud trends.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
