The latest edition of the ISMG Security Report features an analysis of the progress made by law enforcement agencies in the effort to crack down on ransomware. Also featured: Evil Corp banking malware still active; XDR market trends.
The U.S. has joined an 80-nation agreement that sets collective goals for cyberspace, with a particular focus on internet integrity, electoral security, intellectual property theft, use of malign hacking tools and more. Vice President Kamala Harris confirmed U.S. entry into the multistate pact.
Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow attackers to make unlimited purchases using stolen smartphones enabled with express transport schemes, according to a research report from Positive Technologies. These findings were presented at Black Hat Europe this week.
A subsidiary of the Central Depository Services Ltd. has patched a critical vulnerability that exposed sensitive data such as Permanent Account Numbers, income and net worth, broker names, amount of annual income tax return filed and CDSL client IDs for close to 44 million Indian investors.
Microsoft's November Patch Tuesday security update covers 55 security fixes, six of which are zero-day vulnerabilities, with two flaws being actively exploited in the wild. Does the relatively low number for November mean there is a patch backlog at Microsoft?
Two recently reported hacking incidents - each affecting tens of thousands of individuals - serve as contrasting examples of the wide range of time and difficulty it takes for some entities to determine and report protected health information breaches.
APT group Lyceum has targeted ISPs and telecommunication operators in Israel, Morocco, Tunisia and Saudi Arabia, as well as a Ministry of Foreign Affairs in an African country, according to Accenture’s Cyber Threat Intelligence group and Prevailion’s Adversarial Counterintelligence Team.
A new espionage campaign has allowed an unidentified threat actor to access data, including communications and services, on thousands of devices belonging to South Koreans, reports Aazim Yaswant, an Android malware analyst at mobile security company Zimperium.
A criminal hack attack has disrupted healthcare in Canada's easternmost province and resulted in the theft of patient information and personal details for healthcare employees. The province of Newfoundland and Labrador disclosed the apparent ransomware attack on Oct. 30, and has yet to restore all systems.
Before cybercriminals shifted heavily into ransomware, there was banking malware: sophisticated programs designed collect login credentials and intervene in transactions. A campaign using the Dridex banking Trojan has appeared in Mexico, says Metabase Q, a security company.
The U.S. Department of the Treasury has blacklisted cryptocurrency exchange Chatex, along with a network of entities the department says support it, for allegedly facilitating ransomware-related financial transactions. This action effectively bars Americans from doing business with the company.
MediaMarktSaturn Retail group, a German multinational chain of stores, has confirmed to ISMG that it has suffered a ransomware attack. It is reported that the attack was perpetrated by threat group Hive and has affected store operations in the Netherlands, Belgium and Germany.
A new initial access broker, Zebra2104, has been providing entry points to ransomware groups such as MountLocker and Phobos, as well as espionage-related advanced persistent threat group StrongPity, according to a new report. This process saves other threat actors time, effort and expense.
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.