Security News

The Securities and Exchange Commission announced charges against SolarWinds and its CISO, Timothy G. Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. The complaint alleges that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed SUNBURST, SolarWinds and Brown defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.

63% of respondents indicated that they are comfortable with AI helping their bank detect fraud. Almost half of respondents abandoned a new bank account application after starting because it didn't feel secure or was too cumbersome.

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of...

Infosec in brief Bot defense software vendor Human Security last week detailed an attack that "Sold off-brand mobile and Connected TV devices on popular online retailers and resale sites preloaded with a known malware called Triada." Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human's researchers found over 200 models with pre-installed malware, and when it went shopping for seven particular devices found that 80 percent of units were infected with BADBOX. Analysis of infected devices yielded intel on an ad fraud module Human's researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android.

A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. Badbox-infected devices are able to steal personally identifiable information, establish residential proxy exit peers, steal one-time passwords, create fake messaging and email accounts, and other unique fraud schemes.

Online fraud is a pervasive and constantly evolving threat that affects individuals and organizations worldwide. In this Help Net Security round-up, cybersecurity experts talk about online fraud and damaging effects it has on individuals and organizations.

The risk of falling victim to fraud is a constant concern for individuals, businesses, and organizations alike. As technology evolves, so too do the methods employed by fraudsters, making fraud prevention an increasingly critical and complex endeavor.

Nearly 70% of businesses said that fraud losses have increased in recent years and most businesses reported that they plan to increase their fraud management budgets by at least 8% to as much as 19%. Despite their plans to increase their fraud prevention budgets, data shows that businesses may not be completely aligned with consumer expectations. Enable real-time fraud detection: Machine learning can help businesses detect and prevent fraud threats in real time, helping to identify both known and unknown threats to stay ahead of fraudsters.

Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa. While the global fraud rate trended lower than normal expected fraud levels during the report's time period, Visa shared that it helped to proactively block $30 billion in those time periods.

Losses from global roaming fraud are anticipated to exceed $8 billion by 2028; driven by the increase in bilateral roaming agreements for data-intensive use cases over 5G networks, according to Juniper Research. As bilateral 5G roaming agreements proliferate, the research predicts operators will deploy more sophisticated fraud mitigation tools.