The Lazarus group, an offensive hacking team with ties to North Korea, rolled out a new weapon during a recent phishing campaign targeting South Koreans: Image-laden documents containing malicious bitmap files, reports security firm Malwarebytes.
Cybercriminals, likely backed by nation-states, are expanding global spear-phishing campaigns targeting the COVID-19 vaccine "cold chain" in an attempt to steal credentials so they can gain "privileged insight" into sensitive information, the IBM Security X-Force says in an updated report.
Researchers at the security firm Intel 471 report cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated, hard-to-discover, malicious documents that can be deployed in phishing attacks.
How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.
New York state officials are warning insurance and financial firms that fraudsters continue to probe for security weaknesses in websites offering instant quotes, as a way to target consumers' data. Attackers are now using credential stuffing techniques and targeting unprotected data in transition.
Anyone wanting to invent a system designed to stoke widespread abuse by fraudsters would be hard-pressed to best the non-fungible token. Because they get bought and sold using cryptocurrency, it's only a question of when scammers will turn their attention to defrauding NFT aficionados.
Several members of the German Parliament, the Bundestag, and political activists in the country were targeted by a spear-phishing campaign, according to a local news report Friday. Parliament previously sustained a cyberattack in 2015.
The latest edition of the ISMG Security Report features an analysis of recent “tell-all” interviews with members of ransomware gangs. Also featured: insights on securing IoT devices and mitigating insider threat risks.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Criminals have been targeting customers of British electric vehicle charging infrastructure provider BP Pulse with malicious emails that appear to have been sent from legitimate accounts and domains tied to BP Chargemaster, which is what the service was previously called.
Internet-enabled crime has surged during the pandemic, with more than $4.2 billion in losses reported by victims to U.S. authorities in 2020. The most lucrative type of crime continues to be business email compromise scams, which last year accounted for at least $1.8 billion in losses, the FBI reports.
A hacking group used a fake Huawei careers website to lure telecommunications workers and infect the job seekers' devices with malware that could steal information, says McAfee's Advanced Threat Research Strategic Intelligence team.