Identity and access management giant Okta says some customer data was exposed by the "relentless phishing campaign" that breached Twilio, which it uses to provide some SMS services. Twilio says attackers accessed data for 163 customer organizations.
As ransomware continues to pummel organizations left, right and center, two states have responded by banning certain types of ransom payments, and more look set to soon follow suit. But experts warn such bans could have "terrible consequences," leading to costlier and more complicated recovery.
Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider. DoorDash says it experienced "unusual and suspicious activity" on its third-party vendor's computer network that was a victim of a phishing campaign.
Cryptocurrency trading platform Coinbase faces a proposed class action from a user who says poor security led to the theft of $200,000 from his account. Attempts by plaintiff Manish Aggarwal to contact the company turned into a fight with an "impenetrable automated 'customer service' process."
The recently discovered Russian-linked MagicWeb malware that exploits on-premises Microsoft Active Directory Federated Services servers to persist in compromised systems underscores the benefits of cloud-based infrastructure and a zero trust approach to architecture, security researchers say.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including implications of the Russia-Ukraine cyberwar, the former CISA director’s somber message to the industry at Black Hat, and how the cryptocurrency landscape is changing.
Fintech company Block faces a putative class action demanding damages for customers affected by a 2021 data breach that affected 8.2 million individuals. The company, formerly known as Square and co-founded by former-Twitter CEO Jack Dorsey, disclosed the breach in April.
As the latest wave of ransomware attacks, extortion attempts and related fallout continues to hit hospitals globally, U.S. federal authorities have issued a new warning to the healthcare sector about Karakurt, the group behind one of the recent incidents.
An ongoing phishing campaign has compromised Twilio, Mailchimp and about 130 other organizations by using a lookalike Okta login page to trick employees into divulging their password and multi-factor authentication code. Researchers have traced the attacks to a 22-year-old suspect in North Carolina.
Cyber criminals are running scripting attacks on e-commerce sites that attempt to complete small payments by automatically inputting payment card numbers based on the Ally Bank identification number. There are no indications of a data breach at Ally Bank, says a source close to the fraud detection.
The ongoing COVID-19 pandemic continues to fuel new opportunities for cybercriminals, malicious insiders and other adversaries who are posing new security threats to the privacy of patient health data, says attorney Erik Weinick of law firm Otterbourg P.C.
The latest edition of the ISMG Security Report discusses how ransomware-as-a-service groups are shifting their business models, how investigators battling cybercrime have been hindered by GDPR, and how employees consider workplace "choice" a key factor for job satisfaction.
An Iranian government-backed hacking group known as Charming Kitten has updated its malware arsenal to include an email inbox scraping tool, proof of the group's dedication to developing and maintaining purpose-built capabilities. The tool spoofs the user agent to look like an outdated browser.
Ragnar Locker ransomware group released 361 gigabytes of what appears to be confidential data belonging to Greek national natural gas operator DESFA. The threat group says the alleged victim did not negotiate with it. The company confirmed a cyberattack and said it would not pay the ransom.
P2P fraud is among the hottest cybercrime trends globally. JP Blaho of BioCatch discusses the latest scams, including Zelle fraud, and differences in incidents, investigations and regulatory requirements in the U.S. and other global hot spots.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.