Security News

In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.

The Black Basta ransomware-as-a-service syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a report.

A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks. The threat actor provides a control panel for the affiliates, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers and other contacts.

Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. Fancy Bear is also known as APT28, Strontium and Sofacy.

"Despite defenders' best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually," said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint. Proofpoint entered into the report with a number of assumptions in place, detailing what methods threat actors would go to to carry out an attack, as well as the methods employed to help carry out such attacks.

Middle market companies face an increasingly volatile cybersecurity environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment,...

The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. An acronym for "Brazilian Remote Access Tool Android," BRATA was first detected in the wild in Brazil in late 2018, before making its first appearance in Europe last April, while masquerading as antivirus software and other common productivity tools to trick users into downloading them.

The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device.

Since 2020, Chinese state-sponsored threat actors have operated large attack campaigns exploiting publicly identified security vulnerabilities. In these campaigns, the attackers receive valid account access by exploiting Virtual Private Network vulnerabilities or other Internet-facing services without using their own distinctive or identifying malware, making it harder for threat intelligence analysts to evaluate the threat.

For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on. The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years.