Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.
Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.
Election campaigners Michael Blake and Cynthia Wallace discuss the need for accurate information and community involvement to protect electoral integrity and empower underrepresented voters. Strategies for countering misinformation range from sourcing internet posts to hosting barbershop meetings.
Phishing attacks often feel like an unrelenting tsunami, flooding your organisation with a never-ending deluge of threats.
Traditional methods for analysing and mitigating phishing attacks are manual, repetitive and error-prone. These workflows slow the speed at which you can mitigate a spear-phishing attack and...
A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase. At least 100 victims, including crypto company employees, have fallen for the scam.
North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials. This is the latest attack in a North Korean campaign that targets Russian diplomatic activities.
A watchdog report reveals how Heartland Tri-State Bank CEO Shan Hanes allegedly defrauded a local church and investment club in Kansas out of $47.1 million through a "pig-butchering" cryptocurrency scam that ultimately caused the bank to fail in 2023.
In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.
Entrust, a pioneer payment, identity and data security software and services provider, is in talks to acquire Onfido, a pioneer in cloud-based, AI-powered identity verification technology, for a reported $400 million. The combined solution will help customers fight identity fraud.
Don't click phishy links. Everyone knows that. But are your end users prepared to quickly identify today's tricky tactics being used by bad actors? Probably not. Cybercriminals have moved beyond simple bait and switch domains. They're now employing a variety of advanced social engineering techniques to entice your...
The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
While ransomware groups rightly have a reputation for being morally and ethically bankrupt, many do play things straight with their victims. But RansomedVC is a notable exception. In some ways, it is "more dangerous" because of its expert ability to lie, according to researcher Jon DiMaggio.
Rumors are swirling about how the Department of Health and Human Services lost about $7.5 million in grant payments through a series of cyberattacks last year, including speculation over whether the incidents involved sophisticated AI-augmented spear-phishing or more commonplace fraud schemes.
It wasn't a sophisticated hack on Jan. 9 that allowed hackers to briefly take control of an official U.S. Securities and Exchange Commission social media account, the agency said Monday. The hackers simply scammed the account's mobile phone provider in a SIM swap attack.
Hackers have reportedly stolen about $7.5 million from a Department of Health and Human Services grant payment system in a series of cyberattacks last year. The news comes in the midst of HHS and other authorities warnings about rising threats involving social engineering and payment scams.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.