Attacks targeting cloud-based data nearly doubled in 2019 as companies shifted more of their valuable information off-premises and misconfigurations and other issues made it more vulnerable, according to the 2020 Verizon Data Breach Investigations Report. Observers expect the trend to continue this year.
The U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about surging COVID-19 themed scams and other "illicit activities," ranging from fraud involving the sale of fake cures, tests and vaccines to price gouging for supplies.
European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details. While no passport details were exposed, the company's ongoing investigation has also found that attackers "accessed" a small number - just 2,208 - of customers' payment card details.
Cryptocurrency-mining hackers appear to be behind a recent spate of supercomputer and high-performance computing system intrusions. But it's unclear if attackers might also have had data-stealing or espionage intentions.
Besides hospitals and academic institutions, dozens of nonprofits, including nongovernmental organizations - or NGOs - around the world must protect their COVID-19 research and related activities from those seeking to steal data or disrupt their operations, says cyber risk management expert Stanley Mierzwa.
The operators of the REvil ransomware strain are attempting to ratchet up pressure on a New York law firm to pay a $42 million ransom, threatening to release more data on the firm's roster of celebrity clients. So far, the REvil gang has released about 2 GB of legal information related to Lady Gaga.
More ransomware-wielding gangs are not just crypto-locking victims' systems, but also stealing and threatening to leak data unless they get their demanded bitcoin ransom payoff. A growing number of security experts believe the strategy is leading more victims to pay.
Fraudsters have conned Norfund, a private equity investment firm based in Oslo, Norway, out of more than $10 million in what the company calls an "advanced data breach." But the incident bears the hallmarks of a business email compromise scam.
A sophisticated cyber-espionage campaign using spyware called Mandrake has been targeting Android users for at least four years, according to security firm Bitdefender. The malware has the ability steal a range of data, including SMS authentication messages from banks.
ARCHER, a British high-performance computing system for academic and theoretical research, has been offline since May 11, when a "security incident" forced the University of Edinburgh to take down the supercomputer. The security incident also affected supercomputers in other parts of Europe, university officials say.
The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments.
A sophisticated hacking group associated with the North Korean government that's been tied to a number of high-profile attacks, including WannaCry, is using three new malware variants, according to the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report.
A recently discovered cyber-espionage toolkit called Ramsay is designed to infiltrate air-gapped networks to steal documents, take screenshots and compromise other devices, according to the security firm ESET.