While the exposure of insecure databases on the internet is relatively common, a recent incident featured an unusual twist - the data was mysteriously deleted.
The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.
Having a more thorough incident response plan can help organizations mitigate attacks faster and fine-tune their disaster recovery efforts, says Jeremiah Dewey of Rapid7.
Fortinet's FortiGuard Labs is out with its latest Global Threat Landscape Report, and it tracks cyber adversaries exploiting the COVID-19 pandemic at a worldwide scale. The best response? A shift to proactive defense, says FortiGuard's Derek Manky, Chief, Security Insights & Global Threat Alliances.
High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.
Michigan State University is investigating how hackers were able to steal credit card data from the school's online shopping site over a nine-month period.
Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.
The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.
The fight against fraud requires more than using the right technologies; it requires understanding threat actors' techniques, says Robert Villanueva of Q6 Cyber.
Rep. Bill Foster, D-Ill., who has twice introduced a measure to pave the way for a national patient identifier, explains in an in-depth interview why he believes such an ID is essential.
A manufacturer of transit communication systems that pivoted to build ventilators during the COVID-19 pandemic is reportedly the latest victim of the DoppelPaymer ransomware gang.
Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data.
A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.
The U.K.'s privacy watchdog is probing banking giant Barclays over its use of employee monitoring tools after the bank in February reportedly shifted from anonymized tracking to giving managers the ability to view data for individual employees.
Reddit had a very "Make America Great Again" weekend, as more than 70 subreddits were temporarily hijacked and used to post "MAGA" messages in support of U.S. President Donald Trump. Attackers claim they used social engineering and password stuffing to compromise the accounts.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.