Advertising on Russian-language criminal forums is paying off for the author of the DarkGate malware as reflected by a spike in infections, including an unusual phishing campaign on Microsoft Teams to deliver the loader through HR-themed social engineering chat messages.
Synthetic ID fraud is nothing new, but it is expanding beyond fraudulent bank accounts to identity scams for auto loans. Many organizations fail to understand the link between data breaches and fraudulent IDs, said Jason Lord, vice president of product marketing at TransUnion.
Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets. Here are essential username, password and remote service practices for combating such attacks.
Multiple nation-state hacking groups have been exploiting known flaws in Zoho ManageEngine software and Fortinet firewalls to steal data, cybersecurity officials warn. A new alert details exploits of each vulnerability by separate groups that targeted the same aeronautical firm.
In the aftermath of mergers and acquisitions among healthcare entities - and the resulting IT integration and cost-cutting moves - gaps in technology and skills and other gaps often put organizations at higher risk for attacks and other security incidents, said Jack Danahy of NuHarbor Security.
Government agencies are adopting zero trust architectures, both to meet regulatory requirements, but also as a security imperative to mature their security posture, however the specific challenges faced differ from those of commercial entities. Watch this webinar to gain insights into a dedicated Zero Trust practice...
Chinese hackers were able to access the email accounts of senior U.S. officials after Microsoft included an active digital signing key in a snapshot of data taken to analyze a crash of its consumer signing system in April 2021. Inclusion of the key in the crash dump was just one of many mishaps.
This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware attack.
The United States and Great Britain imposed sanctions against nearly a dozen Russian members of the malware gang behind the TrickBot ransomware dropper while U.S. federal prosecutors unsealed criminal indictments against nine individuals for their involvement in online crimes including ransomware.
This week's roundup includes an update on the Tornado Cash case, a proposal for a law-abiding crypto mixer, August hack numbers, Stake's resumption of operations, Binance's delisting of privacy coins in Belgium and a court order against the CEO of Celsius.
The lack of an understanding of what constitutes first-party lending fraud is causing massive losses at banks. Anna Bleazard, head of Singapore and South East Asia in financial crime compliance at FTI Consulting, recommends that banks intervene as early as possible.
The number of connected devices used in healthcare is growing as manufacturers constantly introduce new types of IoT equipment. The ever-evolving threat landscape is making it harder for many entities, particularly outpatient care providers, to keep up, said Justin Foster, CTO of Forescout.
Ransomware groups do whatever they can to pressure a victim into paying. Enter the likes of Ransomed, following in the footsteps of Alphv/BlackСat, NoEscape and Good Day-powered Cloak, all of which threaten victims with a world of General Data Protection Regulation violation pain unless they pay.
The U.K. government may have sidestepped a fight with American tech companies by appearing to soften a legislative mandate for chat apps to actively scan for terrorist and child sexual abuse content. The House of Lords is set this week to return the Online Safety Bill to the House of Commons.
An Alabama pediatric dental practice is notifying nearly 130,000 patients that their sensitive information was compromised in a recent cyberattack. The entity appears to have potentially paid a ransom in exchange for a promise by hackers to destroy breached data without further releasing it.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.