It's a new and permanent extended enterprise, as cybersecurity leaders budget for 2021. What are the top threats and vulnerabilities? How have enterprises hardened their endpoint defenses? Stacia Tympanick of VMWare Carbon Black previews a new virtual roundtable.
Suspects in the epic attack against Twitter were uncovered, in part, by the use of their real photo identification for cryptocurrency accounts they used to broker the sale of stolen usernames. The mistakes proved crucial to their identification, according to court documents.
The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says.
The FBI is warning that attacks using a ransomware variant called Netwalker have increased since June, targeting government organizations, educational entities, healthcare firms and private companies in the U.S. and elsewhere. Phishing campaigns spreading the malware are using COVID-19 themes as a lure.
Suddenly, onboarding, servicing and securing digital accounts with advanced authentication techniques isn't just a priority for global enterprises; it is the priority. Dean Stevenson of HID Global previews an upcoming virtual roundtable discussion.
With less than 100 days to go before the U.S. election, intelligence officials are warning of attempted interference by Russia, China and Iran. But Congressional lawmakers are disagreeing about the severity of these threats.
A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.
The Emotet botnet, which recently surged back to life after a months-long hiatus, is now delivering the Qbot banking Trojan to victims' devices, security researchers say. So far, they've identified about 800,000 malicious emails attempting to spread the botnet.
Following Twitter's admission that cryptocurrency scammers socially engineered its employees to gain control of 45 high-profile accounts, one reaction has been: Why didn't anyone crack Twitter sooner? Unfortunately, the answer is that they have, especially if you count nation-states bribing insiders.
Twitter says attackers who hijacked more than 130 high-profile Twitter accounts used social engineering to bypass its defenses, including two-factor authentication on accounts. Experts say companies must have defenses in place against such schemes, which have long been employed by fraudsters.
The operators behind a family of Brazilian banking Trojans are expanding their operations to other parts of Latin America as well as North America and Europe, according to Kaspersky. Some of these malware variants have been re-engineered to better avoid security tools.
Fraudsters used phishing emails purporting to be a warning from Chase Bank about "unusual activity" on credit cards in an attempt to steal consumers' account credentials, according to Mariana Pereira of the security firm Darktrace.
A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. These attacks come as use of the platform soars due to work-from-home arrangements.