A hacking group targeted 20 universities and other schools around the world earlier this year with a series of phishing campaigns designed to steal credentials, according to researchers at RiskIQ.
This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.
DDoS, bad bots and automated attacks - these are the common strikes against organizations that support ecommerce. How can they fend off these attacks without impacting normal human traffic? Edward Roberts of Imperva shares strategies and solutions.
Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.
CISA, citing a new report by IBM, is warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain. Many vaccines in development must be kept at low temperatures before being administered.
A 21-year-old California man who pleaded guilty to repeatedly hacking gaming company Nintendo to steal confidential data has been sentenced to serve three years in federal prison, according to the U.S. Justice Department.
Social media poses special risks for minors. Data scientist David Stier, who has discovered leaks of minors' personally identifiable information on Instagram, shares insights on how social media companies should better protect PII.
CISA and the FBI have issued a warning that advanced persistent threat groups are waging cyberespionage campaigns against U.S. think tanks, especially those working on international affairs or national security policy.
Interpol the international law enforcement organization, is warning of a potential surge in organized crime activity tied to COVID-19 vaccines. The alert follows recent reports of spikes in alleged cyberattacks by suspected North Korean hackers against companies working on vaccines and treatments.
K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data.
Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.
A botnet called DarkIRC is exploiting a remote execution vulnerability in Oracle WebLogic, according to Juniper Threat Labs. Meanwhile, the malware used to create the botnet is being offered for sale on a darknet hacking forum.
As part of a cyberespionage campaign, the Russian hacking group known as Turla deployed a backdoor called "Crutch" that uses Dropbox resources to help gather stolen data, according to the security firm ESET.
Fraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' playground," says Mark Horne, CMO of Pindrop. He shares a new account-centric defensive solution.
Citi, Equifax, Capital One - the list of financial institutions that have suffered high-profile cyber incidents is long, and the penalties they've incurred have been steep. To Scott Kannry, CEO of Axio, it all comes down to cyber risk - and he has new ideas for redefining it.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.