While many details about the SolarWinds Orion hack and full victim list remain unknown, experts have ascribed the apparent espionage campaign to Russia. Now, however, Reuters reports that a separate group of Chinese hackers was also exploiting SolarWinds vulnerabilities to hack targets.
Kevin O'Brien, CEO and co-founder of GreatHorn, often asks business leaders about their email security, and they say "It's OK." But what's not "OK" is that these defenses are leaving enterprises wide open to vulnerabilities that adversaries are exploiting.
Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.
Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails. The schemes include business email compromise scams, messages with malicious attachments and phishing emails designed to harvest credentials.
A recent phishing campaign tied to an Iranian hacking group known as "Charming Kitten" used SMS and email messages to spread malicious links in an attempt to steal email credentials in the U.S., Europe and the Persian Gulf region, security firm Certfa Lab reports.
Ransomware gangs entered 2020 with a full and dangerous set of weapons at their disposal and then rolled out additional tools such as extortion and new distribution methods, a trend that is expected to continue into 2021.
The past year has been marked by economic uncertainty stemming from the global pandemic, which has also created an expanded remote workforce and broadened the attack landscape.
An ongoing spear-phishing campaign is spoofing the official Microsoft.com domain name and targeting users of the company's Office 365 suite, according to security firm Ironscales. Fraudsters are likely using these attacks to harvest credentials.
The hacker-for-hire group DeathStalker, known for conducting espionage campaigns against small and medium-sized businesses, has started using a new malware strain called PowerPepper, according to a report from the security firm Kaspersky.
Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.
Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.
Darkside is the latest ransomware operation to announce an affiliate program in which a ransomware operator maintains crypto-locking malware and a ransom payment infrastructure while crowdsourced and vetted affiliates find and infect targets. When a victim pays, the operator and affiliate share the loot.
Cybersecurity is poised to become a higher White House priority when President-elect Joe Biden takes office. And he's expected to renew key international relationships needed in the fight against cyberattacks.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.