Security News

Rather than the typical ransom request for data restoration that has become commonplace, criminals are increasingly expanding their radius. Secondhand victims, including dental practices and insurance providers, could be potential targets based on the data obtained in the primary ransomware attack.

Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data. In this video for Help Net Security, Chris Pierson, CEO at BlackCloak, shares on these issues and emerging areas of risk for executives.

A new report from the FBI raises warnings about a credential theft threat targeting academic partners of identified US colleges and universities. These credential stuffing attacks are particularly concerning, because once an attacker is in possession of one login credential, he might run tools like OpenBullet to automatically check if they are valid for dozens or hundreds of other websites.

Credit card skimming is a technique that consists of using malicious code installed on compromised merchant websites to steal credit card information sent by the website's customers when they complete online payments. Once the attacker has access to the website's content, they need to add malicious code to steal the credit card information provided by the unsuspecting customers.

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Threat actors using Bumblebee are associated with malware payloads that have been linked to follow-on ransomware campaigns," the researchers said.

Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S. April 18th, 2022 - there was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies which including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates. The IT services vendor actors impersonated is widely used by major federal agencies, including the DHS, and other such WEB-sites of States and Cities in the U.S. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

VMware released a report which takes the pulse of the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector. The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years' past, as sophisticated cybercrime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

The report revealed how quickly cybercriminals capitalize on new security weaknesses - shrinking the window that organizations have to remediate vulnerabilities ahead of an attack. With 20,175 new vulnerabilities published in 2021, Skybox Research Lab witnessed the most vulnerabilities ever reported in a single year.

Cybercriminals are finding new ways to target cloud environments. To up their game, attackers are adopting more advanced and sophisticated methods to target sensitive and vulnerable cloud native environments.

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework.