Security News

Hackers target FCC, crypto firms in advanced Okta phishing attacks
2024-03-02 16:18

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.

CISA warns of Microsoft Streaming bug exploited in malware attacks
2024-03-01 19:18

CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks. Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.

Iranian charged over attacks against US defense contractors, government agencies
2024-03-01 18:30

The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies. "Nasab participated in a cyber campaign using spear phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information," said Damian Williams, US Attorney for the Southern District of New York.

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
2024-02-29 15:21

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML...

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
2024-02-29 11:19

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on...

Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT
2024-02-29 04:00

76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. 61% of enterprises still suffer significant losses to mobile fraud, with smishing and vishing being the most prevalent and costly.

The CISO’s guide to reducing the SaaS attack surface
2024-02-29 03:55

Please turn on your JavaScript for this page to function normally. SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs.

ALPHV/BlackCat claims responsibility for Change Healthcare attack
2024-02-29 00:29

The ALPHV/BlackCat cybercrime gang has taken credit - if that's the word - for a ransomware infection at Change Healthcare that has disrupted thousands of pharmacies and hospitals across the US, and also claimed that the amount of sensitive data stolen and affected health-care organizations is much larger than the victims initially disclosed. UnitedHealth owns the healthcare IT provider, and more than 70,000 pharmacies across the USA use its software to process insurance claims and fill prescriptions.

LockBit ransomware returns to attacks with new encryptors, servers
2024-02-28 18:31

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.

Need to Know: Key Takeaways from the Latest Phishing Attacks
2024-02-28 15:01

This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. In the face of rampant phishing attacks that can cause large-scale data breaches, here are some ways you can limit phishing risks.