The Chinese advanced threat group APT41 is using a new espionage tool to intercept SMS messages from specific phone numbers by infecting mobile telecommunication networks, according to the security firm FireEye Mandiant.
Using the largest repository of breached credentials in the world, SpyCloud has analyzed breach data tied to Fortune 1000 employees to understand what information is out there and how it can be used to commit fraud. In this video, SpyCloud Head of Product Strategy Chip Witt will walk through SpyCloud's analysis of...
Ransomware continues to be a highly profitable cybercrime. Ransomware incident response firm Coveware reports that for the third quarter of this year, the average ransom amount paid was $41,198, a six-fold increase from the same period last year, driven by strains such as Ryuk and Sodinokibi.
For Russian-speaking hackers, ransomware used to be taboo. But GandCrab killed all such ethical qualms, democratizing ransomware-as-a-service, paving the way for new profit-sharing schemes such as Sodinokibi and driving a new generation of attackers to master advanced hacking skills, a new report finds.
A trio of domain name registrars are mandating a password reset after a breach affecting about 22 million accounts occurred in late August. Web.com and two of its brands, Network Solutions and Register.com are contacting victims via email.
Calling election security a "national emergency," nearly 100 past and current Democratic and Republican lawmakers and other government officials have sent a letter to the Senate calling for passage of stalled legislation.
Senior government officials in at least 20 countries, including the U.S. and India, were targeted earlier this year with hacking software that used Facebook's WhatsApp to take over users' phones, Reuters reports, citing sources familiar with the messaging company's investigation.
In the new world of ubiquitous connected devices and myriad cybersecurity alerts, artificial intelligence and machine learning can enable autonomous response - a boon to overworked security teams, says Darktrace's Mariana Pereira.
Bulletproof proxies have taken the concepts of anonymity and availability and embedded them in automated bot attacks. How can organizations identify and stop these attacks? Ameya Talwalkar of Cequence Security shares insights.
Cybercriminals are targeting users of Microsoft's Office365 subscription services with phishing campaigns that uses fake voicemail messages in an attempt to steal victims' credentials and other information, according to researchers at the security firm McAfee.
Two hackers have pleaded guilty in connection with an extortion campaign tied to the theft of data on about 57 million Uber customers and drivers. The incident led to a massive fine against the ride-sharing company for its tardy breach notification and weak security.
One major challenge with combating cybercrime in the 2020s and beyond appears destined to be attackers launching a greater number of "smaller-value crimes" so they can better stay "below the radar" of law enforcement, says the Global Cyber Alliance's Andy Bates.
Many HIPAA enforcement actions taken by federal regulators have chastised organizations for their poor security risk assessments. In light of this ongoing challenge, HHS has released an updated version of its security risk assessment tool, which includes improved asset and vendor risk management features.
It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities.