Industrious attackers are using cutting-edge deepfake and AI technologies to blend impersonation and social engineering attacks. Robust processes that include checks and balances and improved proving awareness of staff and customers are the keys to preventing them.
Iran-aligned threat actor TA450, also called MuddyWater, is using fake salary, compensation and financial incentive emails to trick Israeli employees at multinational organizations into clicking malicious links, according to researchers at security firm Proofpoint.
A Russian hacking group is targeting German political parties as part of a Moscow-backed espionage campaign. The latest APT29 campaign marks the first time the group has been seen targeting political organizations, according to researchers at Mandiant.
Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.
Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.
Election campaigners Michael Blake and Cynthia Wallace discuss the need for accurate information and community involvement to protect electoral integrity and empower underrepresented voters. Strategies for countering misinformation range from sourcing internet posts to hosting barbershop meetings.
Phishing attacks often feel like an unrelenting tsunami, flooding your organisation with a never-ending deluge of threats.
Traditional methods for analysing and mitigating phishing attacks are manual, repetitive and error-prone. These workflows slow the speed at which you can mitigate a spear-phishing attack and...
A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase. At least 100 victims, including crypto company employees, have fallen for the scam.
The surge in authorized push payment fraud in APAC underscores the urgent need for enhanced cooperation between banks and telecommunications companies. Both players should tap into AI and ML technologies for better fraud detection and real-time authentication, said Mel Migriño of Gogolook.
North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials. This is the latest attack in a North Korean campaign that targets Russian diplomatic activities.
Security leaders from a wide range of industries explored the latest cybersecurity trends and issues -including Web 4.0, generative AI, automation, data protection and regulatory compliance - at ISMG's DynamicCISO Excellence Awards and Conference 2024 in Mumbai.
Poor credential management practices hit Australian organizations hard in late 2023, accounting for a majority of cyber incidents affecting millions of people, the Australian Information Commissioner said. Compromised or stolen credentials account for 1 in 4 data breaches.
A watchdog report reveals how Heartland Tri-State Bank CEO Shan Hanes allegedly defrauded a local church and investment club in Kansas out of $47.1 million through a "pig-butchering" cryptocurrency scam that ultimately caused the bank to fail in 2023.
In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.
Researchers at South Korean cybersecurity company S2W attributed a new malware campaign that targeted South Korean organizations to North Korean cybercrime group Kimsuky. The hackers disguised their malware installer as a security program installation file to deceive victims and steal their data.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.