A Chinese nation-state group is hacking foreign affairs ministries and embassies across Europe, employing a sophisticated HTML-smuggling technique to deliver the insidious PlugX remote access Trojan to compromised systems. The technique raises concern about the security of diplomatic institutions.
A hacker suspected to be based in Mexico is targeting financial institutions using "relatively unsophisticated" tools but is achieving a high degree of success among banking customers, SentinelOne said. The threat actor also offers smishing as a service.
CISO Ian Thornton-Trump said he is opportunistic about using chatbots but warns that the technology needs oversight and testing to ensure "the responses that it's giving are accurate and the information it's able to access is also pertinent to the questions that are commonly asked."
Russia has relied on blunt-force cyberattacks in Ukraine to inflict maximum damage rather than turning to new techniques. In many cases, Ukrainian defenders are flying blind because Russian wiper malware is designed to evade most security controls, said Mandiant CEO Kevin Mandia.
Cyber crooks are performing server hijacking or proxyjacking to make money from the sale of their victims' compromised bandwidth on proxy networks, a new report by security firm Akamai finds. "The attacker doesn't just steal resources but also leverages the victim's unused bandwidth," it says.
Financial services organizations face unique cloud security challenges, due to special regulatory, data security and privacy considerations that don't necessarily apply to other industries. Security and payments experts with overlapping skill sets unpack the challenges and how to deal with them.
Federal regulators are once again reminding healthcare entities and their vendors of the importance of using strong multifactor authentication to help fend off hacks and other compromises, but they also warn about avoiding common mistakes with MFA.
Critical services in the Netherlands could be a potential target of ransomware and hacktivist attackers with ties to Russia as a means to sow large-scale disruptions in the country, according to a Dutch National Cyber Security Center warning this week.
An Iranian government-backed hacking group known as Charming Kitten has updated its malware arsenal to include an updated version of the Powerstar backdoor, also known as CharmPower, which takes advantage of a distributed file protocol to distribute customized phishing links.
The world's top chip manufacturer has dismissed the LockBit 3.0 ransomware gang's hack claim and $70 million ransom. TSMC said the data leak took place at a third-party supplier and contains only certain initial configuration files. It said customer information and operations were not affected.
The U.S. Department of Health and Human Services has notified Congress that the information of at least 100,000 individuals has been compromised in hacking incidents at HHS contractors involving exploitation of a flaw in managed file transfer software MOVEit from Progress Software.
While financial fraud has been prevalent for years, businesses still struggle to find it among large pools of data. In this second installment on accounting fraud, a panel of experts discussed the challenges including a lack of resources, skills and tools to identify fraud.
The new ransomware group 8Base is fast becoming a big player in the underground market, amassing nearly 40 victims in June - second only to the notorious LockBit ransomware gang. The group's top targets include business services, finance, manufacturing and IT industries.
The sensitive personal information of about 1.1 million National Health Service patients including trauma patients and victims of terrorism is reportedly among data compromised in a recent cyberattack on the United Kingdom's University of Manchester. The incident also affected students and alumni.
This week's crypto roundup includes DeFi hacks and scams in the second quarter of 2023, FTX and SBF, Justby in the CFTC's crosshairs, and JokerSpy in a Japanese exchange. Also, the IMF says a crypto ban won't curb risk, Binance won't delist privacy coins, and EU banks have new capital requirements.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
