Security News

Unwanted and malicious emails using political-themed lures has spiked as the presidential primary season cranks into high gear - with Donald Trump and Bernie Sanders representing the lion's share of subject line themes. "Overall UCE volumes mentioning individual candidates suggests that Donald Trump not only has the incumbent's advantage but also maintains the strongest brand as he did in 2016," researchers said in a posting issued on Super Tuesday.

VAPs therefore must be prioritised for training, with additional attention given to checking their accounts for potential compromise, but they are not the only ones you should train. The problem training must address is employees do not consider themselves responsible for detecting and avoiding phishing.

Cybercriminals are now partnering with drug cartels across Latin America to attack financial institutions and governments, leveraging a wide variety of scams and malware to make millions, according to a new report from cybersecurity firm IntSights. Mexican law enforcement arrested Héctor Ortiz Solares-known as "El H-1" or "Bandido Boss"-in 2019 after he spent years recruiting top-tier hackers who built malware for his gang, named "Bandidos Revolution Team." The malware was designed to infect ATM machines and attack Latin American banks.

A Lincoln health care company has been targeted by cybercriminals, but company officials said there's no evidence of any patient data being compromised. NRC Health said it immediately shut down its system Feb. 11 to contain the ransomware attack, the Lincoln Journal Star reported.

Spam, ransomware, and malware continue to haunt organizations, but bad actors are also cooking up new spins on these tried-and-true methods, according to security company Fortinet. A report from Fortinet on the threat landscape for the final quarter of 2019 reveals that cybercriminals will exploit every possible opportunity, both new and old, to attack organizations and users alike.

Tax season is upon us and cybercriminals have taken notice, unleashing a tidal wave of attacks targeting every US citizen and tax prep company. "This information is also valuable and could be used or resold for identity fraud purposes. Additionally, the employees legitimate tax documents can also be found here. This could be used by the attackers to file fraudulent tax returns on the employee's behalf to direct their tax returns to the attacker's coffers." Threat researchers at Zix-AppRiver released a report last week detailing their efforts monitoring and actively battling a series of Business Email Compromise attacks on CPAs and law firms over the past month.

Cybercriminals were already using convincing but fake emails from the WHO, CDC and Japanese government to trick people into downloading PDF, MP4 and Microsoft Word DOCX files. The shipping and manufacturing industry have taken massive hits because of the quarantines in China, and cybercriminals have sought to exploit that by bombarding companies with malware, spam and fake emails with links to sites like Office 365, Adobe and DocuSign hoping to steal emails and passwords.

Which ten software vulnerabilities should you patch as soon as possible? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019.

Be extra careful when looking for a job online, the Internet Crime Complaint Center warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money. "While hiring scams have been around for many years, cyber criminals' emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels," they noted.

Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according to a report by blockchain analysis firm Chainalysis. The emergence of these types of rogue cryptocurrency exchanges, along with technical advances, have made tracking virtual currency used in cybercrime, as well as terrorist financing, more difficult for law enforcement, the Chainalysis report finds.