A group of spoofed cryptocurrency trading apps is targeting devices running macOS to install malware called Gmera, security firm ESET reports. The malware can steal users' data as well as their cryptocurrency wallets.
Continuous authentication can play a key role in combating fraud, says John Buzzard, lead fraud and security analyst at Javelin Strategy & Research, who discusses the role of behavioral biometrics.
After a nearly six-month hiatus, the Emotet botnet has sprung back to life with a spam campaign targeting the U.S. and U.K., according to security research reports. Victims are hit with phishing emails that contain either a malicious URL or Word document attachment that downloads malware.
An Iranian-backed hacking group appears to have accidentally left over 40 GB of training videos and other material exposed online, according to researchers at IBM, who found the unprotected server. The material includes videos describing attacks aimed at U.S. Navy and State Department personnel.
Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.
Voice-controlled assistants can be fooled by replaying a recording of someone's voice. But researchers with Australia's Commonwealth Scientific and Industrial Research Organization and Samsung Research say they've developed a lightweight software tool to detect such attempts, which are difficult to defend against.
The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.
Fraudsters are using a revamped version of the Alina Trojan to target Windows-based POS devices to steal payment card data, according to Century Link's Black Lotus Labs. The malware operators are using unsecured DNS protocols to exfiltrate the data.
Payment card hackers are now hiding malicious JavaScript inside an image's EXIF metadata and then sneaking the image onto e-commerce sites, according to the security firm Malwarebytes.
A Russian national charged in connection with co-creating the Infraud Organization's online cybercrime forum that sold stolen payment card data and was tied to $530 million in fraud losses has pleaded guilty.
Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro, which says five of those cities had already been victims of similar Magecart-style attacks in recent years.
Troy Leach of the PCI Security Standards Council discusses how the shift to card-not-present transactions during the COVID-19 pandemic has created new fraud-fighting challenges and offers an update on pending standards revisions.
This video highlights how visibility into the illicit communities where credentials are leaked can help organizations establish or refine password policies.
The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET. This hacking group, which appears to have ties to Russia, has primarily targeted Ukraine for years.
The FBI is warning that cybercriminals and fraudsters are increasingly targeting mobile banking apps with malware in order to steal credentials and conduct account takeover attacks. The shift to mobile banking has increased since the COVID-19 pandemic.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.