A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.
The Emotet botnet, which recently surged back to life after a months-long hiatus, is now delivering the Qbot banking Trojan to victims' devices, security researchers say. So far, they've identified about 800,000 malicious emails attempting to spread the botnet.
Twitter says attackers who hijacked more than 130 high-profile Twitter accounts used social engineering to bypass its defenses, including two-factor authentication on accounts. Experts say companies must have defenses in place against such schemes, which have long been employed by fraudsters.
A group of spoofed cryptocurrency trading apps is targeting devices running macOS to install malware called Gmera, security firm ESET reports. The malware can steal users' data as well as their cryptocurrency wallets.
An Iranian-backed hacking group appears to have accidentally left over 40 GB of training videos and other material exposed online, according to researchers at IBM, who found the unprotected server. The material includes videos describing attacks aimed at U.S. Navy and State Department personnel.
Criminals are continuing to capitalize on the new opportunities being created by the ongoing COVID-19 pandemic to hone their phishing, scams, ransomware and other schemes, says Craig Jones, who leads the global cybercrime program for INTERPOL.
The U.S. should restore the position of cybersecurity coordinator at the White House because the number of threats against the nation is increasing, several security experts testified this week at a House hearing. But some Republicans question whether the move would create unnecessary bureaucracy.
The operators behind a family of Brazilian banking Trojans are expanding their operations to other parts of Latin America as well as North America and Europe, according to Kaspersky. Some of these malware variants have been re-engineered to better avoid security tools.
The latest edition of the ISMG Security Report analyzes the latest developments in banning Huawei technology from 5G networks. Also featured are discussions of how to respond better to cybercrime and whether we're on the cusp of a digital currency revolution.
While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.
It's common for security researchers to be ignored when reporting a software vulnerability. The latest example - vulnerabilities found by Independent Security Evaluators in a router made by China-based Tenda.