The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks. Economically speaking, it's a no-brainer move for cybercrime gangs.
Up to 30% of the organizations hit as part of the cyberespionage campaign waged by the hackers responsible for the SolarWinds supply chain attack did not use the company’s compromised software, says Brandon Wales, acting director of CISA. These victims were targeted in a variety of other ways, he says.
Other darknet marketplaces apparently are preparing to fill the underground economy's need for a steady stream of stolen payment card data if the Joker's Stash site closes Feb. 15 as its administrator has announced. Some researchers believe the administrator may even launch a new marketplace.
The U.S. government should take a number of steps to help minimize the risk that benefits provided by the next rounds of economic stimulus programs designed to provide relief from the impact of the COVID-19 pandemic are not fraudulently obtained, security experts say.
More fraudsters are using artificial intelligence to generate “Frankenstein faces” for use in synthetic identity fraud. Kathleen Peters of Experian outlines this disturbing development in fraudster behavior, as outlined in a new report.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
Trickbot appears to be making a comeback with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis by Menlo Security. Researchers had warned the malware might surface again after a coordinated takedown of the botnet's infrastructure in 2020.
The number of data breaches being reported in the U.S. and elsewhere each year continues to decline. But security experts say this unfortunately can be explained by criminals increasingly focusing on lucrative ransomware and business email compromise scams, which require scant data to be successful.
Microsoft researchers say that a North Korean hacking group that the company calls "Zinc" - which is better known as the Lazarus Group or Hidden Cobra - likely was responsible for targeting vulnerability researchers in an attempt to steal information via a backdoor.
The law enforcement agencies behind this week's disruption - dubbed “Operation Ladybird” - of Emotet are helping victims by pushing out an update via the botnet’s infrastructure that will disconnect their devices from the malicious network.
Wireless carrier UScellular is investigating an incident involving hackers tricking employees into downloading malicious software that compromised a customer relationship management platform, exposing personal data.
In Britain, the National Crime Agency and the Financial Conduct Authority warn that the number of "clone firm" scams has significantly increased during the COVID-19 pandemic. Over a six-month period, these fraudulent schemes have led to more than 78 million pounds ($107 million) in losses for victims.
An APT group known as Lebanese Cedar has launched a cyberespionage campaign targeting telecommunication companies and ISPs, according to the Israeli security firm ClearSky, which says the attacks have spread beyond the Middle East to the U.S. and Europe.
Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.