Security News
Resecurity has recently identified a new Phishing-as-a-Service called EvilProxy advertised in the Dark Web. While the incident with Twilio is solely related to the supply chain, cybersecurity risks obviously lead to attacks against downstream targets, the productized underground service like EvilProxy enables threat actors to attack users with enabled MFA on the largest scale without the need to hack upstream services.
Resecurity, a California-based cybersecurity company protecting Fortune 500, has identified leaked PII stolen from Thailand's Department of Medical Sciences containing information about citizens with COVID-19 symptoms. The incident was uncovered and shared with Thai CERT. The data was put for sale on several Dark Web marketplaces and was available for further purchase via a Telegram channel created by the bad actors.
How phishing attacks are exploiting Amazon Web Services. Cybercriminals prefer to use legitimate sites and services in their phishing scams, not just to trick unsuspecting victims but to sneak past security scanners that would otherwise block traffic from a suspicious site.
Several new marketplaces have appeared on the dark web, claiming to be the dedicated online portals for notorious criminal cartels from Mexico. The emergence of these markets was spotted by DarkOwl analysts, who identified a trend, shifting from large markets that drew law enforcement attention to smaller, less publicized sites.
In May, DDG admitted its supposedly pro-privacy mobile browser wasn't blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards. Back in January, Twitter fixed a privacy flaw that made it easy to unmask users.
Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. 87% of the ransomware found on the dark web has been delivered via malicious macros to infect targeted systems.
Dark Web credit card fraud less pervasive but still an ongoing problem. Stolen credit card data is always a hot item for sale on the Dark Web, particularly if the package includes not just the card number but the expiration date and CVV code.
Businesses today are more than standalone organizations. They have complicated ecosystems with intersections between the corporation and their customers, suppliers, and partners.
Protect your business from cybercrime with this dark web monitoring service We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. In addition to using a VPN and anti-malware software, it's also smart to invest in a service like Dark Web Monitoring for Business.
Specops Software released new research finding cybersecurity weaknesses in business web apps including Shopify, Zendesk, Trello, and Stack Overflow. This Help Net Security video reveals how popular business web applications failed to implement critical password and authentication requirements to protect customers.