As the value of cryptocurrency has plummeted, so too have the number of cryptomining infections being seen in the wild, reports security firm Malwarebytes. Taking its place, however, are criminals wielding advanced malware such as Emotet and Trickbot.
The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services. The warning comes as security companies have noticed a rise in DNS attacks.
Fresh strains of ransomware are being distributed by attackers who gain remote access to organizations' networks to infect them with Phobos, as well as via cracked-software sites that share adware installers inside which STOP ransomware has been hidden.
The U.S. Federal Trade Commission is close to concluding its investigation into Facebook over the Cambridge Analytica scandal, the Washington Post reports, noting that the social network may face a record-setting fine, exceeding the $22.5 million fine the FTC in 2012 slammed on Google.
Banks in West Africa have been targeted by at least four hacking campaigns since mid-2017, with online attackers wielding commoditized attack tools and "living off the land" tactics to disguise their efforts, Symantec warns.
Cybercrime outfits appeared to take a vacation around the December holidays. But attacks involving Emotet, Hancitor and Trickbot have resurged following their December slowdown, as has the Fallout exploit kit, lately serving GandCrab ransomware.
Facebook has removed hundreds of accounts, alleging that the account creators misrepresented their identity. The social network alleges that some of the accounts were surreptitiously created by employees of the state-owned Sputnik news agency in Moscow, which Sputnik disputes.
Leading the latest edition of the ISMG Security Report is an in-depth look at why ransomware remains a pervasive threat and how it's evolving. Also featured: updates on venture capital investments in cybersecurity and a study of vulnerabilities in industrial remotes.
The U.S. Securities and Exchange Commission has charged seven individuals and two organizations with being part of an international scheme that hacked the SEC's EDGAR document system, stole nonpublic corporate information and used it to illegally earn $4.1 million via insider trading.
Most companies have huge gaps in their cyber security defenses, and can be compromised at will by a determined hacker. The industry even has a term for it: "Assume Breach".
Join Roger A. Grimes, a 30-year computer security consultant, for this webinar where he explores the latest research on what's wrong with current...
The Reserve Bank of India intends to do away with the one-time password authentication process for online transactions. In a step in that direction, for the first time, it's allowing widespread tokenization of debit, credit and prepaid card transactions to enhance the safety of digital payments.
Ransomware attacks continue, with the city of Del Rio, Texas, saying its operations have been disrupted by crypto-locking malware. Meanwhile, CryptoMix ransomware urges victims to pay ransoms, claiming it will fund treatments for seriously ill children, while GandCrab gets distributed via malvertising attacks.
The organization that manages IT for Singapore's public healthcare sector says it has terminated, demoted or financially penalized several employees for their roles in the handling of a 2017 cyberattack on SingHealth, the nation's largest healthcare group. What do U.S. security experts think of these measures?
Numerous cybercrime gangs continue to use darknet forums to seek fresh recruits, sell stolen data or advertise hacking services. One recent job listing from the data-leaking blackmail gang called The Dark Overlord sought technically proficient individuals who were fluent in Arabic, Chinese or German.
A U.K. court has sentenced Daniel Kaye, 30, after he admitted launching DDoS attacks against Liberia's largest telecommunications company in 2015 and 2016. A rival internet services provider paid Kaye $100,000 to launch the attacks.