Security News

While an earlier report from security firm Cybereason found that Raccoon enabled credential stealing from Tor-hosted devices, the new analysis by CyberArk shows that the infostealer has now expanded its reach into popular web browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge and others. "What used to be reserved for more sophisticated attackers is now possible even for novice players who can buy stealers like Raccoon and use them to get their hands on an organization's sensitive data," the report states.

Facebook recently investigated suspicious content meant to support U.S. presidential candidate Sen. Bernie Sanders but was unable to substantiate involvement by Russians or supporters of President Donald Trump, The Wall Street Journal reported Monday, citing people familiar with the matter. Last week, The Washington Post reported that U.S. officials had told Sanders that Russia was trying to support his campaign.

Eliminate guesswork and get in-depth insights and practical recommendations for navigating the ever-changing cybercrime landscape. This data-laden, incident-rich report delivers insider information on the players, their motivations, tactics and targets so you can make informed security strategy decisions.

A newly released report offers a glimpse into how European Union authorities are applying the General Data Protection Regulation to some of the biggest U.S. technology firms, including social media giants Facebook and Twitter. What makes Ireland a bellwether for GDPR is that many U.S. technology firms, including Apple, Facebook and Google, have designated Ireland as their "Main establishment" in the EU. Under GDPR, that enables them to qualify for a one-stop-shop mechanism, which ensures that the data protection authority in that country takes the lead on any EU privacy investigations.

Like many other BEC scammers, this group primarily runs its activities from Nigeria, but it also has operations in Ghana and Kenya, according to the report. Although the BEC gang originally focused on more traditional check fraud when it started operations in 2013, the group switched to BEC schemes starting around mid-2017, the researchers determined.

Specification of the part played by SSH abuse within a breach report is rare despite compromised machine identities being used by attackers to hide their malicious activity, evade security controls and steal a wide range of confidential data. In a report sponsored by cryptographic key and digital certificate management firm Venafi, AIR Worldwide suggests the cost to U.S. business is between $15 billion and $21 billion; or between 9% to 13% of the total U.S. economic loss caused by cyber events.

Security teams are also more confident about their data breach response plans, even though the number is only 57%. Experian and the Ponemon Institute shared the state of data breaches and defenses against these attacks in the seventh annual "Is Your Company Ready for a Big Data Breach?" report. Experian has firsthand experience with a massive data breach.

A U.S. Defense Department agency that's responsible for providing secure communications and IT equipment for the president and other top government officials says a data breach of one of its systems may have exposed personal data, including Social Security numbers. While Defense Department officials did not provide specifics about the data breach, such as when it happened or how many individuals may have been affected, the notification letter refers to a data breach of a system hosted by the agency.

The phishing campaign apparently started earlier this year and has since slowed down, according to IBM. SMS Phishing. In their report, IBM researchers attribute the increasing spread of Emotet to a group that they refer to as the "Mealybug gang." After a lull of several months, Emotet resurfaced in September 2019, and it has been spreading rapidly since.

More than 400 vulnerabilities affecting industrial control systems were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos. Dragos analyzed 438 ICS vulnerabilities covered in 212 security advisories, roughly the same as in the previous year.