Security News

Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. The U.S. Attorney's Office for the District of Maryland, working with Homeland Security Investigations in Baltimore, seized "Freevaccinecovax.org," "Which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus," according to a release on the office's website posted earlier this week.

These domains are like the real thing and are often visited by users who have mistyped the genuine domain URL. Unfortunately, criminals are good at finding new ways to trick unsuspecting visitors to your website. Many domain registration companies now offer value-added services that can help protect against criminals seeking to exploit established domains.

Yubico announced its next-generation FIPS security keys: the YubiKey 5 FIPS Series. The addition of the YubiKey 5 NFC, YubiKey 5C NFC, and YubiKey 5Ci into the FIPS series lineup significantly expands coverage for mobile-first environments that many organizations have been waiting for.

The U.S. Agency for Global Media has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries. USAGM is a US government agency whose mission is to "Inform, engage, and connect people around the world in support of freedom and democracy." USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.

Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team. On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.

A global-scale phishing campaign targeted worldwide organizations across an extensive array of industries with never-before-seen malware strains delivered via specially-tailored lures. UNC2529, as Mandiant threat researchers track the "Uncategorized" threat group behind this campaign, has deployed three new malware strains onto the targets' computers using custom phishing lures.

These popular banks are being spoofed in attacks targeting people filing taxes, getting stimulus checks and ordering deliveries, says Check Point.

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an updated advisory released on Wednesday.

Cybercriminals target Rogers customers with a new SMS phishing campaign pretending to be refunds for last week's Canada-wide wireless outage. Last week, Rogers suffered a massive outage throughout Canada, preventing users from accessing wireless voice and data services.

The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky. In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.