A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.
The Emotet botnet, which recently surged back to life after a months-long hiatus, is now delivering the Qbot banking Trojan to victims' devices, security researchers say. So far, they've identified about 800,000 malicious emails attempting to spread the botnet.
Fast charging is a blessing, but there's a downside: The firmware running on some chargers can be maliciously modified. Researchers say chargers can be hacked to deliver more electricity than a device can handle.
A 21-year-old Cypriot man, who is accused of hacking into websites and stealing personal data to extort his victims, has been extradited to the U.S. to face charges of wire fraud and computer hacking.
As organizations that shifted to a remote workforce consider allowing some workers to return to the office environment, CISOs must reassess their security infrastructures, says Chris Kubic of Fidelis Cybersecurity, who formerly was CISO at the National Security Agency.
Companies can use data analytics and artificial intelligence to help mitigate the risk of collusion between their employees and vendors, says Amine Antari, managing director at the consultancy Kroll.
The U.S. Department of Justice has charged two Chinese nationals with hacking into the systems of hundreds of organizations in the U.S. and abroad. The suspects' activities allegedly included probing for vulnerabilities in systems at companies developing COVID-19 vaccines, treatments and testing tech.
The British government was underprepared for Russia's alleged attempts to influence the outcomes of the Brexit referendum in 2016 and the 2017 general election and failed to conduct adequate investigations, according to a report by the U.K. Parliament's Intelligence and Security Committee.
Which entities will be custodians of our identities? David Birch of Consult Hyperion discusses why banks could be likely candidates for this emerging role.
Cybercriminals are exploiting and using weak IoT devices in new ways, including as proxies for e-commerce fraud, says Allison Nixon of Unit 221b, who predicts that the next mass attack on the scale of Mirai will likely be way worse.
Security awareness and compliance training is an essential component of mitigating risks for the remote workforce in the financial services sector, says Theo Zafirakos of Terranova Security, who outlines key steps.
Twitter says attackers who hijacked more than 130 high-profile Twitter accounts used social engineering to bypass its defenses, including two-factor authentication on accounts. Experts say companies must have defenses in place against such schemes, which have long been employed by fraudsters.
How have the COVID-19 pandemic, lockdown and job losses affected the character and composition of the internet? Rapid7's Tod Beardsley rounds up the latest research into the prevalence of outdated and unsecured internet protocols and internet-connected devices - and there's both good and bad news.
A group of spoofed cryptocurrency trading apps is targeting devices running macOS to install malware called Gmera, security firm ESET reports. The malware can steal users' data as well as their cryptocurrency wallets.
A federal judge has ruled that Facebook's lawsuit against NSO Group - alleging that the Israeli company illegally developed a zero-day exploit to spy on WhatsApp users - can proceed.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.