Uber is probing a hack attack after an intruder appeared to breach multiple internal systems, using the company's Slack messaging app to announce: "I am a hacker and Uber has suffered a data breach." The ride-hailing service has taken multiple systems offline while it investigates.
Cyberattackers of today have numeroussophisticated ways to attack an organization's Active Directory (AD) infrastructure. This also includes the hazardous risks that come with a comprise of the company's Azure AD service.
Once attackers they get in, they can wreak some serious havoc. And then there is the...
Dain Drake was CEO of a steel fabrication factory. In June 2019, Drake found himself standing outside a closed adult boutique in Houston at 10:00 a.m. on a Sunday. He called the owner and pleaded for him to come. He needed something inside, which might just save his business - from ransomware.
The Lazarus Group, a North Korean advanced persistent threat gang, recently targeted energy companies in Canada, the U.S. and Japan to establish long-term access into victim networks to conduct espionage operations by deploying custom-built malware implants VSingle, YamaBot and MagicRAT.
Banking regulators are looking for ways to tackle authorized payment scams, such as spreading the risk to other banks. In a new report on how eight countries are handling this fraud, researcher Ken Palla advises banks to focus on reimbursing victims and preventing the theft.
The only surprising aspect of the ransomware attack against Los Angeles Unified School District is that it didn’t happen sooner. The district was warned of cybersecurity weaknesses in the 20 months leading up to its ransomware attack. The Vice Society gang has claimed credit.
The latest ISMG Security Report discusses a new phishing-as-a-service toolkit designed to bypass multifactor authentication, the decision by Lloyd's of London to exclude nation-state attacks from cyber insurance policies, and challenges at Okta after it acquired customer identity giant Auth0.
A U.S. law enforcement investigation involving multiple countries resulted in the shutdown of an online marketplace selling millions of Social Security numbers, payment cards and other credentials. Prosecutors unsealed a complaint against a Moldovan man fingered as the operator.
Whether for profit or in furtherance of Russian geopolitical interests - or both - former members of the Conti ransomware group have been targeting networks operated by the Ukrainian government and businesses, as well as European nonprofit organizations, Google's Threat Analysis Group reports.
Akamai conducted a detailed study of the victims and masterminds behind the world’s leading RaaS (ransomware as a service) organizations, with a focus on 2021’s highest-grossing ransomware group — Conti.
This special report compiles Conti’s most popular tools and techniques so businesses can gain critical...
Patrons of InterContinental Hotels Group hotels might need to call the front desk rather than book hotel rooms online due to an ongoing cyberattack. Cybersecurity intelligence firm Hudson Rock tells ISMG telemetry indicates multiple employees downloaded malware compromising their credentials.
In today’s connected world, securing web applications and APIs from a wide range of threats — from web app business logic attacks and API abuse to bots — is critical for business success. However, securing digital properties amid cloud journeys, modern DevOps practices, and constantly changing applications and...
In today's dynamic threat environment, security teams must adopt a risk-based approach, prioritizing the most important areas of their organization. They also should not be afraid to seek outside help. Murtaza Hafizji of Bugcrowd discusses the merits of crowdsourced security.
It's been over one year since the release of President Biden's cybersecurity executive order, and federal agencies are making measurable progress in adopting zero trust architecture. Dennis Reilly of Gigamon discusses specific progress around visibility and observability in the network pillar.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.