Security News
Phishing attacks have only grown with the rise of SaaS in the workplace, and even the most security-savvy worker can be duped into a phishing attack. The turnkey platform allowed users to customise campaigns and create their own phishing tactics, providing them with over 100 phishing templates that copied known brand and services guidelines, kits, hosting and other tools.
The threat actor behind the malware-as-a-service called Eternity has been linked to new piece of malware called LilithBot. "The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks."
Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA. While a majority of respondents in each of seven geographic regions feels that their company's cybersecurity is satisfactory, CompTIA's "State of Cybersecurity" shows that a much smaller number rank the situation as "Completely satisfactory." Nearly everyone feels that there is room for improvement. "Companies are aware of the threats they face and the potential consequences of an attack or breach," said Seth Robinson, VP of industry research, CompTIA. "But they may be underestimating their exposure and how much they need to invest in cybersecurity. Risk mitigation is the key, the filter through which everything should be viewed."
Domain shadowing is a subcategory of DNS hijacking, where threat actors compromise the DNS of a legitimate domain to host their own subdomains for use in malicious activity but do not modify the legitimate DNS entries that already exist. These subdomains are then used to create malicious pages on the cybercriminals' servers while the domain owner's site's web pages and DNS records remain unchanged, and the owners don't realize they have been breached.
Critical Insight announced the release of the firm's H1 2022 Healthcare Data Breach Report, which analyzes breach data reported to the United States Department of Health and Human Services by healthcare organizations. This Help Net Security video reveals why attackers are changing targets and moving from large hospitals to smaller hospital systems.
With 3 billion players globally, the $200 billion gaming market is an increasingly ripe target for cybercriminals - with the perennially popular Minecraft one of the most targeted lures. Using statistics gathered by the Kaspersky Security Network, which processes anonymized threat data shared voluntarily by customers, the security vendor examined the most widespread malware strains that were found to have an association with the biggest games on PC and mobile.
A new phishing-as-a-service toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication - proxifying victim's session," Resecurity researchers said in a Monday write-up.
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. Prynt Stealer, which came to light earlier this April, comes with capabilities to log keystrokes, steal credentials from web browsers, and siphon data from Discord and Telegram.
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision - short for Hangzhou Hikvision Digital Technology - is a Chinese state-owned manufacturer of video surveillance equipment.
Imperva releases data showing that 25% of all gambling sites were hit with DDoS attacks executed by botnets in June. As the Wimbledon tennis tournament began at the end of June, DDoS attacks increased and impacted 10% of gambling sites.