Security News
TechRepublic spoke with email security firm Tessian's CEO Tim Sadler, who tells us how to avoid being phished or scammed during the search for perfect presents. Because of the flurry of e-commerce activity, email inboxes are filled with offers and notifications from retailers.
End users just want to do their job, not become cybersecurity experts. To eliminate the glut of information, Finney, in the Forbes article Tactical Literacy: How We Can Overcome Ignorance In Cybersecurity, suggests we embrace "Tactical literacy." As to what that means, let's start by defining tactical and literacy with regards to cybersecurity.
A group of cybercriminals used mobile emulators to spoof thousands of mobile devices , which enabled them to steal millions of dollars within days. Targeting financial institutions in Europe and the United States, the mobile banking fraud operation relied on over 20 emulators to spoof more than 16,000 mobile devices and access compromised accounts.
Vaccine-related phishing emails and domains are popping up, while criminals are selling phony vaccines via the Dark Web, says Check Point. In another campaign, the email touts the subject line of "Pfizer's Covid vaccine: 11 things you need to know" and includes an executable file named "Covid-19 vaccine brief summary." Clicking on this file triggers the nasty malware called Agent Tesla, a Remote Access Trojan that acts as a keylogger and infostealer.
Cybercriminals have been observed targeting a recently disclosed vulnerability in the GO SMS Pro messaging application to steal user data. Whenever a user attempts to send a media file, Trustwave's SpiderLabs security researchers discovered, the application would generate a URL that can be easily guessed and which does not require authentication to access the shared media.
Cybercriminals are recognizing that the data that automotive companies have to offer - from customer and employee personal identifiable information to financial data - is invaluable. Paul Prudhomme, cyber-threat intelligence analyst at IntSights, warned in new Thursday research that automotive cyberattacks are on the rise - whether they're aimed at intellectual property theft or bent on delivering ransomware.
At the same time as they have stepped into the breaches opened up by an increasingly diffused and corporate workforce, the bad guys have taken advantage of an almost universal thirst for information and reassurance with ever more creative spear phishing and whaling attacks. By thinking like them before you start to fight back, which is what we'll be showing you how to do in our webcast "How I'd Attack You", on November 18 at 0900 PT. The Register's own one-man attack surface Tim Phillips will be joined by Dan Fein and Mariana Pereira of cyber defence specialists Darktrace.
Hackers are looking to cash in on the top shopping days in the U.S. - Black Friday and Cyber Monday - as well as other events, like Singles' Day, which recently occurred this week in China. Last year, researchers said that social-media scams and domain-impersonation scams were some of the biggest types of attacks during the holiday shopping season.
"For over a decade, Brovko participated in a scheme to gain access to Americans' personal and financial information, causing more than $100 million in intended loss," said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department's Criminal Division, in a statement issued Monday. In October, a new variant of the InterPlanetary Storm botnet was discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices.
With the U.S. presidential elections a mere few weeks away, the security industry is hyper-aware of security vulnerabilities in election infrastructure, cyberattacks against campaign staffers and ongoing disinformation campaigns. The good news, Olney, said in a recent video interview with Threatpost, is that awareness of election-security threats has increased since the 2016 elections.