A Nigerian national who has been extradited to the United States allegedly laundered millions of dollars stolen in business email compromise scams, according to the Justice Department. He flaunted his lavish lifestyle on social media, prosecutors say.
The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos. Attackers are now using existing email threads and ZIP files to spread the information stealer.
The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.
Tens of millions of Americans have lost jobs because of COVID-19. As a result, former 'most wanted" fraudster Brett Johnson predicts a surge in fraud, saying bluntly: "There are going to be a lot of victims."
The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason. The messages are designed to appear to come from postal and delivery services.
With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan, who offers risk mitigation insights.
A preliminary settlement in a class action data breach lawsuit against Iowa Health System - which does business as UnityPoint Health - contains an unusual provision that could prove quite costly.
A hacking group dubbed CryptoCore has stolen more than $200 million in virtual currency from several cryptocurrency exchanges over the past two years, the security firm ClearSky Cyber Security reports.
Fraudsters are now deploying the IcedID banking Trojan via phishing campaigns that use the COVID-19 pandemic as one of several lures, according to Juniper Threat Labs.
A spear-phishing campaign is using military-themed malicious Microsoft Office documents to infect devices, according to researchers at Cisco Talos. The analysts also found this campaign is using a previously unknown dropper called IndigoDrop to spread a weaponized version of Cobalt Strike.
The surge in phishing campaigns and other types of fraud using COVID-19 themes has diminished in recent weeks, according to the Microsoft Threat Protection Intelligence Team, which asserts in a new report that such campaigns were never a dominant threat.
Several Nigerian nationals have been indicted for their alleged involvement in business email compromise campaigns from 2015 to 2017 that targeted U.S. businesses.
A cyberespionage campaign that targeted aerospace and defense firms in Europe and the Middle East likely was the work of a hacking group with ties to North Korea, according to security firm ESET. Attackers also attempted a BEC-style scheme.
Scammers are looking to capitalize on the extortion campaigns being conducted by the Maze ransomware gang and others by demanding thousands of dollars in ransom to not release data they claim to have exfiltrated when in fact no attack took place and no data was removed, according to security firm WebARX.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
