The developers behind TrickBot have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Network's Unit 42. The use of this malware has increased during the COVID-19 pandemic.
Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.
"Hack for hire" groups operating in India are spoofing World Health Organization emails to steal credentials from financial services and healthcare firms around the world, according to Google's Threat Analysis Group.
The FBI has arrested another alleged member of the FIN7 cybercrime gang, which has been stealing millions of payment cards and other financial data since at least September 2015. It's the fourth arrest of those tied to the group.
Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.
Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.
A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.
Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report.
Cyberattacks continue to plague organizations worldwide. Many of the largest and most damaging attacks stem from malware-infected files that evade traditional security solutions.
Security teams need a more effective and comprehensive solution to the problem of undetected malware not only affecting SecOps teams but...
German prosecutors believe that an alleged Russian hacker who apparently is a member of an elite military unit is responsible for the 2015 cyberattack against Germany's parliament, according to a news report. Earlier, the suspect was charged in connection with U.S. 2016 election interference.
The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members.
In an apparent attempt to spread TrickBot malware, cybercriminals are sending fake emails designed to look like notifications from the Labor Department concerning changes to the Family and Medical Leave Act, according to IBM X-Force.
Ransomware, phishing, extortion scams - they all are
using COVID-19 themes. But socially engineered attacks
were already on the rise before the pandemic, say Olesia
Klevchuk and Nishant Taneja of Barracuda, who share
insights on the evolution of cloud-based email defenses.
Download this eBook to learn more...
A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.