Researchers uncovered a spear-phishing campaign targeting automotive and chemical manufacturers across the Spanish-speaking nations of Mexico and Spain. The latest campaign began in June 2022, uses Grandoreiro banking Trojan and impersonates Mexican government officials, Zscaler ThreatLabz reports.
As the Russia-Ukraine war continues, Ukrainian government cybersecurity official Victor Zhora says that the country's computer emergency response team has tracked more than 1,600 online attacks and that defensively, "wipers continue to be the biggest challenge."
Infoblox has invested in shifting left in the cybersecurity kill chain with on-premises, cloud and hybrid versions of its BloxOne Threat Defense tools, which help security practitioners find and identify threats earlier and mitigate risks, says President and CEO Jesper Andersen.
Research by Dun & Bradstreet says business identity fraud jumped 254% in 2020. Tools can help prevent this fraud but may create greater friction, say Andrew La Marca, senior director at Dun & Bradstreet, and Ralph Gagliardi, agent in charge, High Tech Crimes Unit, Colorado Bureau of Investigation.
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.
In the latest weekly update, four ISMG editors discuss the breach of customer engagement platform Twilio, a cyberattack on the U.K.'s NHS that has reignited concerns about supply chain security in the healthcare sector, and the U.S. Treasury clamping down on shady cryptocurrency mixers.
Cyber insurance can defray costs associated with data breaches and ransomware attacks. But Kelly Butler of the advisory firm Marsh & McLennan Companies says insurers are tightening their requirements for policies due to rising costs associated with increasingly severe incidents.
Cisco says it fell victim to a successful hack attack and data breach in May. While an attacker wielding Yanluowang ransomware claimed to have exfiltrated data and crypto-locked systems, Cisco says nothing sensitive was stolen and no systems were infected by ransomware.
ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks. Here's a look at some of the most interesting things we heard from industry leaders.
Combining the back-end data analytics of Google Chronicle with Mandiant's ability to identify signals of abnormal behavior on the front-end is an unbeatable combination, John Watters says. Google agreed in March to purchase threat intelligence and incident response titan Mandiant for $5.4 billion.
Data breaches are far too common nowadays. Companies need to prioritize security to protect their sensitive data without impacting ease of collaboration.
The IDC survey revealed that 83% of data breaches resulted from an identity compromise, like phishing. Organizations can stop data breaches by adopting identity...
Twitter confirms that a zero-day vulnerability allowed threat actors to gain access to the personal information of 5.4 million user account profiles. The company was notified about this specific vulnerability in Twitter's systems through its bug bounty program in January.
As ransomware attacks continue to pummel organizations, Rapid7 Chief Scientist Raj Samani says victims must identify how the attacker broke in and if they've given themselves persistent ways to regain access. Otherwise, he says, "They'll hit you again and again."
Researchers from cybersecurity firm Mandiant say they've discovered a network of inauthentic news sites transmitting Chinese propaganda apparently all under the control of Shanghai Haixun Technology Co., a Chinese PR firm that advertises "positive energy packages."