The Biden administration has formally sanctioned Russia over the cyber operation that targeted SolarWinds and its customers as well as the disinformation campaign against the 2020 U.S. elections. The NSA and other agencies also attributed the SolarWinds attack to Russia's Foreign Intelligence Service, or SVR.
Hackers with apparent ties to North Korea who hit e-commerce shops via Magecart-style attacks to steal payment card data also tested malicious tools for stealing cryptocurrency, reports cybersecurity firm Group-IB. Such functionality could trick customers into paying with cryptocurrency.
Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.
Now that the Federal Reserve has issued a definition for synthetic ID fraud, fraud-fighting efforts likely will improve because it will be easier to identify red flags, some security experts say.
The Russian state-sponsored group Fancy Bear was responsible for breaches at the Swedish Sports Confederation that resulted in hackers accessing sensitive athlete information, including doping test results, according to the Swedish Prosecution Authority. But Sweden will not pursue legal action in the case.
Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.
Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.
Initial access brokers continue to ply their trade, selling immediate access to hacked sites to make it easier for gangs to steal data and crypto-lock systems. But researchers say an overabundant supply of access credentials appears to be driving down the prices being commanded on cybercrime forums and markets.
Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.
Forescout Research Labs and the Israeli security firm JSOF have found nine Domain Name System vulnerabilities affecting four TCP/IP stacks that, if exploited, could lead to remote code execution or denial-of-service attacks - potentially on millions of devices.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
President Joe Biden has nominated two U.S. National Security Agency veterans for top cybersecurity positions as the White House continues to confront the fallout from the SolarWinds supply chain attack as well as attacks against on-premises Microsoft Exchange email servers.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
President Joe Biden is asking Congress to boost CISA's budget by $110 million to help enable the agency to address a range of cybersecurity issues following several high-profile incidents in the past six months.
Email security provider Cofense and data security firm StrikeForce Technologies both have announced acquisitions. Meanwhile, data protection firm OneTrust received additional funding.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.