Oct 03, 2024Ravie LakshmananCybercrime / Financial Fraud INTERPOL has announced the arrest of eight individuals in Côte d’Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a
admin
Meta has announced what it claims to be a “first-of-its-kind” information-sharing agreement with UK banks in a bid to arrest a growing social media fraud epidemic. The Fraud Intelligence Reciprocal Exchange (FIRE) will see high street lenders share threat intelligence with the social media giant so that it can take more targeted action to remove
Business Security Building efficient recovery options will drive ecosystem resilience Tony Anscombe 01 Oct 2024 • , 4 min. read Last week, a US congressional hearing regarding the CrowdStrike incident in July saw one of the company’s executives answer questions from policy makers. One point that caught my interest during the ensuing debate was the
Oct 02, 2024Ravie LakshmananCyber Threat / Malware Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. “While the attackers didn’t succeed in deploying ransomware on the networks of any of the organizations affected, it is likely
Millions of Brits have fallen victim to fraud over the past three years, costing the wider economy an estimated £16bn ($21bn), according to a new study sponsored by Santander UK. The banking giant enlisted the help of cross-party think tank the Social Market Foundation (SMF) to poll 28,000 respondents across 15 European countries, to better understand
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it’s being used by a large number of cybercriminals to conduct credential theft. “For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages,” Palo Alto Networks
Cyber-resilience efforts are lagging among global organizations, partly because they’re failing to get CISOs involved in strategic technology investments, according to PwC. The consulting giant polled over 4000 business and technology executives to compile its annual Global Digital Trust Insights report. It found that just 2% of responding organizations have implemented cyber resilience actions across
Sep 30, 2024Ravie LakshmananGDPR / Data Privacy The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users’ passwords in plaintext in its systems. The investigation, launched by the DPC the
Following an inquiry into Meta Platforms Ireland Limited (MPIL), the Data Protection Commission (DPC) in Ireland has fined the firm €91m ($102m) for mishandling social media users’ passwords and GDPR infringement. The DPC launched the initial inquiry in April 2019 after MPIL notified the DPC that it had inadvertently stored certain passwords of social media
Video ESET research examines the group’s malicious wares as used to spy on targets in Ukraine in the past two years 27 Sep 2024 This week, ESET researchers published an extensive analysis of the tools and techniques of Gamaredon, a Russia-aligned threat actor that is currently the most active APT group in Ukraine. Their research
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating
The US government and global partners have urged action to strengthen the security and resiliency of undersea cable infrastructure, thereby protecting global communications and data from compromise. This includes incorporating cybersecurity best practices in the design of undersea cable infrastructure, reducing the risk of these services being hacked. The joint statement, endorsed by the
ESET Research ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine Zoltán Rusnák 26 Sep 2024 • , 5 min. read The war in Ukraine, which started in February 2014 and intensified with Russia’s invasion of the country on February 24th, 2022, exemplifies a
Sep 28, 2024Ravie LakshmananCryptocurrency / Mobile Security Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source
A man has been arrested on suspicion of involvement in the hack of UK railway stations, which resulted in Islamophobic messages being displayed to passengers attempting to connect to public Wi-Fi. The British Transport Police (BTP) revealed that the suspect is an employee of Global Reach Technology, which provides some Wi-Fi services to Network Rail.
Digital Security Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics Phil Muncaster 25 Sep 2024 • , 5 min. read We live in fast-paced and often worrying times, and fraudsters are primed to take advantage. Fear can be a powerful weapon and scammers know
Sep 27, 2024The Hacker NewsCybersecurity Certifications In today’s fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you’re a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you’re always
Security researchers have discovered a new phishing campaign that capitalizes on excitement around the start of the League of Legends (LoL) World Championship this week to spread info-stealing malware. Bitdefender explained in a blog post that it’s spotted malicious social media ads promoting a free download of League of Legends, a popular PC-only game that
Kids Online Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app Phil Muncaster 24 Sep 2024 • , 5 min. read Snapchat may only be the 10th most popular social media platform in the world, but it estimates monthly
Sep 26, 2024Ravie LakshmananCloud Security / Cyber Espionage An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing
Security experts have repeated warnings not to use work email addresses to sign-up to third-party sites, after finding that thousands of US Congress staffers could be exposed to account hijacking and phishing. Secure mail provider Proton teamed up with Constella Intelligence to search on the dark web for over 16,000 publicly available email addresses associated
Sep 25, 2024Ravie LakshmananEmail Security / Threat Intelligence Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as
Telegram boss Pavel Durov has committed the platform to working more closely with law enforcement, while also cracking down on illegal activity. The Russian-born founder and CEO of the messaging platform said IP addresses and telephone numbers of those who break the app’s rules will be shared with police “in response to valid legal requests.” This is
Sep 24, 2024Ravie LakshmananData Privacy / Cybercrime In a major policy reversal, the popular messaging app Telegram has announced it will give users’ IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. “We’ve made it clear that the IP addresses
UK data protection regulator the Information Commissioner’s Office (ICO) has welcomed a decision by LinkedIn to stop training its generative AI (GenAI) models on UK users’ information. Executive director for regulatory risk, Stephen Almond, argued that for organizations to extract maximum value from GenAI, the public must be able to trust that their privacy rights
Sep 23, 2024Ravie LakshmananSoftware Security / Supply Chain Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter
HSBC claims to have successfully trialed the first application of quantum-secure technology for buying and selling tokenized physical gold. One year after the bank started tokenizing gold bullions using distributed ledger technology (DLT), HSBC announced on September 19 that it successfully tested quantum-secure methods to protect these assets against potential future quantum computing attacks. For
Video How do analyst relations professionals ‘sort through the noise’ and help deliver the not-so-secret sauce for a company’s success? We spoke with ESET’s expert to find out. 19 Sep 2024 The sixth episode of ESET’s Unlocked 403 cybersecurity podcast has host Alžbeta Kovaľová picking the brains of Zuzana Legáthová, ESET’s Senior Manager of Analyst
A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. “Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims’ data and then destroy their infrastructure with a wiper to prevent recovery,” Kaspersky said in a Friday analysis.
Whoever the next US president is, they will have cyber policy measures to consider implementing in order to protect the US from both nation-state adversaries and cybercriminals. In its fourth annual report on implementation, published on September 19, the US Cyberspace Solarium Commission 2.0 (CSC 2.0) has provided the incoming administration and Congress with a
- « Previous Page
- 1
- …
- 5
- 6
- 7
- 8
- 9
- …
- 118
- Next Page »