A sophisticated phishing toolkit called W3LL Panel has been used to exploit at least 8,000 endpoints since the middle of last year to perpetrate costly business email compromise schemes, Group-IB reports. Such toolkits help automate the entire life cycle of a BEC attack.
Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage. An energy facility cyber defender impeded the attack by blocking the launch of indows Script Host, CERT-UA says.
Australia's information commissioner has urged organifzations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
The Federal Trade Commission and the Department of Health and Human Services have publicly named 130 hospitals and telehealth companies that were recently warned that the use of online tracking tools in their websites or mobile apps potentially violates federal data privacy and security regulations.
High-security fence manufacturer Zaun, which supplies military bases and prisons, said its cybersecurity barriers were breached by the LockBit ransomware group, which subsequently leaked stolen data. Zaun blamed the breach on a "rogue Windows 7 PC" connected to a manufacturing machine.
A startup founded by the longtime leader of Secdo and backed by the likes of Qumra Capital and Accel could soon be acquired by Tenable. The company is in advanced negotiations to purchase cloud infrastructure security startup Ermetic in a deal valued at between $300 million and $350 million.
Has the cry of the Qakbot come to an end? While the pernicious, multifunction malware fell quiet last week thanks to Operation "Duck Hunt," lucrative cybercrime operations have a history of rebooting themselves. Rivals also offer ready alternatives to ransomware groups and other criminal users.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.
A cyberespionage campaign by a well-funded but lesser-known hacking group is using previously unknown backdoors to hack government agencies and tech companies. The group, dubbed Earth Estries by Trend Micro, appears well practiced in cA cyberespionage campaign by a well-funded but lesser-known hacking group is using...
A hacking group linked to Russian domestic intelligence agency the FSB has intensified attacks in tandem with a Ukrainian military push to expel Russian invaders, say Kyiv cyber defenders. Gamaredon went on a spring spree of registering domains to use as hacking infrastructure.
IoT and OT devices, which include network-attached storage devices, hold valuable data that ransomware groups seek to compromise. NAS devices are often exposed on the internet and lack the robust security measures found in other endpoints, said Daniel dos Santos of Forescout Technologies.
Hackers aligned with Chinese interests are targeting Android users with fake chat apps Trojanized with espionage capabilities in separate and ongoing campaigns, one active since July 2020 and the other for more than 12 months. Eset attributed the campaigns to a threat group tracked as Gref.
In the latest "Proof of Concept," two CyberEd board members, Connecticut state CISO Jeff Brown and Maricopa County CISO Lester Godsey, join ISMG editors to discuss securing digital government services, improving user experiences and balancing user convenience with robust identity verification.
Medical device maker Medtronic MiniMed violated patient privacy by using tracking and authentication technologies such as Google Analytics and Firebase in its InPen diabetes management app and services, according to a proposed federal class action lawsuit filed this week.
Western intelligence agencies lent authority Thursday to a Ukrainian exposé unmasking a campaign by Russian military state hackers targeting battlefield Android devices. Agencies from the Five Eyes intelligence alliance collectively dub the malware components "Infamous Chisel."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.