A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.
The U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about surging COVID-19 themed scams and other "illicit activities," ranging from fraud involving the sale of fake cures, tests and vaccines to price gouging for supplies.
Cryptocurrency-mining hackers appear to be behind a recent spate of supercomputer and high-performance computing system intrusions. But it's unclear if attackers might also have had data-stealing or espionage intentions.
U.S. facilities that produce, use or store hazardous chemicals are vulnerable to cyberattacks, in part because cybersecurity guidelines from the Department of Homeland Security are outdated, according to a recent GAO audit.
Besides hospitals and academic institutions, dozens of nonprofits, including nongovernmental organizations - or NGOs - around the world must protect their COVID-19 research and related activities from those seeking to steal data or disrupt their operations, says cyber risk management expert Stanley Mierzwa.
More ransomware-wielding gangs are not just crypto-locking victims' systems, but also stealing and threatening to leak data unless they get their demanded bitcoin ransom payoff. A growing number of security experts believe the strategy is leading more victims to pay.
A sophisticated hacking group associated with the North Korean government that's been tied to a number of high-profile attacks, including WannaCry, is using three new malware variants, according to the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
A recently discovered cyberespionage toolkit called Ramsay is designed to infiltrate air-gapped networks to steal documents, take screenshots and compromise other devices, according to the security firm ESET.
Hacking groups linked to China's government are targeting research and healthcare facilities that are working on developing vaccines, testing procedures and treatments for COVID-19, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency warn in an alert.
Anubis, one of the most potent Android botnets, apparently is getting a refresh a year after its source code was leaked, security researchers say. The changes could help fraudsters more closely monitor activity on hacked devices.
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.
Cybercriminals are hiding malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites in an effort to steal payment card data from customers, researchers at Malwarebytes say.
Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks.
Authorities in the U.S. and U.K. are warning medical institutions, pharmaceutical companies, universities and others about "password-spraying campaigns" by advanced persistent threat groups seeking to steal COVID-19 research data. Security experts outline defensive steps that organizations can take.
Declaring that threats to the United States' power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.