A spear-phishing campaign is using military-themed malicious Microsoft Office documents to infect devices, according to researchers at Cisco Talos. The analysts also found this campaign is using a previously unknown dropper called IndigoDrop to spread a weaponized version of Cobalt Strike.
It's a new, dynamic workforce - and also a larger, more dynamic threat landscape. How have threats evolved, and how can enterprises better prioritize risks and response? Ran Shahor, CEO of HolistiCyber, shares strategies.
Integrating IoT devices into OT systems brings a raft of security concerns. Microsoft's acquisition of CyberX, which offers a specialized IoT/OT security platform, may give some organizations more confidence to tackle what can be a messy business of securing and monitoring IoT controls across a network.
As a result of the rapid move to a remote workforce, now is a golden opportunity to refine cybersecurity approaches - especially for the cloud, says Christian Toon, CISO at the international law firm, Pinsent Masons.
Hackers wielding Nefilim ransomware are targeting unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and threatening to dump data to try to force payment, New Zealand's national computer emergency response team warns.
A Nigerian entrepreneur has pleaded guilty to charges stemming from an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar.
France's top court has upheld a $56 million fine against Google for violating the EU's General Data Protection Regulation with its advertising personalization model that lacked adequate user consent measures. The fine is the biggest yet for a GDPR privacy policy violation.
If you've managed to equip your home with smart devices and appliances that work properly, you probably think you're all set. But there are no regulations around how long manufacturers must provide security updates, which could mean a smart device could become a risk.
Researchers at two security firms are tracking separate phishing campaigns that are targeting customers of Wells Fargo and Bank of America, according to reports. In each case, the fraudsters are attempting to steal users' credentials using various methods and lures.
Authorities have arrested a suspect accused of hacking the University of Pittsburgh Medical Center's human resources database in 2014 and stealing personally identifiable information from 65,000 employees, which was then used for tax fraud.
Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform. It's also rolling out other new security features.
Google has removed more than 70 malicious Chrome extensions after researchers with security firm Awake Security discovered the extensions could be used to steal users' credentials and security tokens.
Many ethical hackers and other security professionals, such as penetration testers, have weaponized cloud platforms to host online attack infrastructure or have used the platforms to conduct reconnaissance, according security researchers at Texas Tech University.
Organizations deploying deception technology must make sure to integrate it with other technologies to reap the full benefits of intrusion alerts, says Anuj Tewari, global CISO at IT Services HCL Technologies.
The surge in phishing campaigns and other types of fraud using COVID-19 themes has diminished in recent weeks, according to the Microsoft Threat Protection Intelligence Team, which asserts in a new report that such campaigns were never a dominant threat.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
