Security News
The abrupt move of millions of people to working remotely has sparked an unprecedented volume of attacks to trick people into giving up credentials to attackers, according to security researchers. The pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances and eager for information about the virus and new organizational policies being implemented.
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer code was first inserted on the website of the blender retailer on Feb. 20, specifically targeting the website's checkout page, where customers input their payment information.
The U.S Department of Health and Human Services was the victim of a cyberattack on Sunday as the federal government attempts to deal with the coronavirus crisis, according to a report from Bloomberg. "The U.S. Health & Human Services fell victim to a Distributed Denial of Service attack yesterday when several endpoints controlled by a nation-state attacked their networks," Stephen Boyce, principal consultant at risk management and digital forensics firm Crypsis Group, said.
There is a big difference between the promise of 5G low latency, higher bandwidth, and speed for businesses versus the security of 5G. While many are excited about Gartner's prediction of $4.2 billion being invested in global 5G wireless network infrastructure in 2020, few discuss the business costs of its unheralded security holes. 5G is poised to drive IoT, industrial IoT, cloud services, network virtualization, and edge computing, which multiplies the endpoint security complications.
Federal agencies participating in the Office of Management and Budget's Data Center Optimization Initiative report that they are on track with previously announced plans to close hundreds of outdated data centers, but many of the facilities that will continue to operate are at increased risk of being hacked, the U.S. Government Accountability Office warned last week. The new GAO study reveals that due to the lack of reporting requirements for key facilities and lack of proper documentation of decisions on which facilities are exempt from DCOI, agencies might remain exposed to vulnerabilities and oversight of consolidation, and optimization efforts may be impaired.
On Tuesday, researchers reported two malware campaigns connected to the coronavirus: One that uses a phishing email to spread Remcos RAT and malware payloads and the other using a Microsoft Office document to drop a backdoor onto a victim's computer. One campaign is in the form of a phishing email with a PDF offering coronavirus safety measures, according to research from ZLab-Yoroi Cybaze.
On Tuesday, researchers reported two malware campaigns connected to the coronavirus: One that uses a phishing email to spread Remcos RAT and malware payloads and the other using a Microsoft Office document to drop a backdoor onto a victim's computer. One campaign is in the form of a phishing email with a PDF offering coronavirus safety measures, according to research from ZLab-Yoroi Cybaze.
More than half of city and state employees in the United States are more concerned about cyberattacks than they are of other threats, a new study discovered.
Although businesses are increasingly at risk for cyberattacks on their mobile devices, many aren't taking steps to protect smartphones and tablets. These companies were twice as likely to be compromised as those that didn't take precautions.
Millions of people are eagerly anticipating this summer's Olympic Games in Tokyo-and so are cyberattackers. "Events like the Olympics serve as an amplifier for cybercrime," said Emily Wilson, vice president of research at Terbium Labs.