Generative AI tools can save phishing actors 16 hours of work designing a scam email, but still can’t match a human knack for crafting more convincing missives, according to new IBM research. Social engineering expert Stephanie Carruthers revealed details of a new research project today, in which her team sought to understand whether generative AI
Oct 24, 2023NewsroomCyber Fraud / Cyber Crime Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms,
The International Criminal Court (ICC) has revealed that a September cyber-attack on its IT systems was a highly targeted espionage attempt, although attribution thus far remains elusive. The Netherlands-headquartered tribunal, which tries individuals suspected of war crimes and crimes against humanity, first posted a brief message about the breach at the end of September. However,
Oct 21, 2023NewsroomZero-Day / Vulnerability Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and
The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk. The study, published today and conducted in 38 organizations across nine industries and 125 countries, revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to
Video ESET’s analysis of cybercrime campaigns in Latin America reveals a notable shift from opportunistic crimeware to more complex threats, including those targeting enterprises and governments 20 Oct 2023 This week, ESET researchers announced the release of a report that looked at more than a dozen publicly documented malicious campaigns targeting Latin America between 2019
Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France. “In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar
Vietnam-based cybercriminals are believed to be behind to attacks using DarkGate malware, which have targeted organizations in the UK, US and India since 2018. WithSecure researchers have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts. The DarkGate and Ducktail
Business Security How robust backup practices can help drive resilience and improve cyber-hygiene in your company Phil Muncaster 18 Oct 2023 • , 5 min. read Could your company survive if its most critical data stores were suddenly encrypted or wiped out by cybercriminals? This is the worst-case scenario many organizations have been plunged into
Oct 21, 2023NewsroomData Breach / Cyber Attack Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury,
The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity (ENISA). The 11th edition of ENISA’s Threat Landscape report, published on October 19, 2023, compiles cyber threats observed by the Agency
Business Security Knowledge is a powerful weapon that can empower your employees to become the first line of defense against threats Phil Muncaster 19 Oct 2023 • , 5 min. read It’s Cybersecurity Awareness Month (CSAM) time again this October. This is an awareness-raising initiative that spans both consumer and corporate worlds, although there’s plenty
Oct 20, 2023NewsroomMalvertising / Cyber Threat Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it’s “unique in its way to fingerprint users and distribute time sensitive payloads.” The attack singles out
A man has been extradited from the UK to the US for allegedly operating a website that sold access to compromised computer credentials. Sandu Diaconu, 31, from Moldova, has been charged by the US with conspiracy to commit access device and computer fraud, wire fraud conspiracy, money laundering conspiracy, access device fraud, and computer fraud.
An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. “The actors behind the attack used spear-phishing
ISACA, a global association of information systems auditors and control professionals, is rapidly growing in Europe, and at a faster rate than in North America, thanks to the strong demand and capability in the region. The Association is also setting out an “aggressive growth strategy” to grow membership and capabilities. “We have an extensive network
ESET Research ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting 17 Oct 2023 • , 3 min. read Much like the life and mysterious demise of Pharaoh Tutankhamun, also known as King Tut, the threat landscape in Latin America (LATAM) remains shrouded in mystery.
Oct 18, 2023NewsroomEnterprise Security / Vulnerability Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions – NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler
Online phishing scams are becoming more frequent and more sophisticated, according to the Online Authentication Barometer, published by the FIDO Alliance on October 16, 2023. When asked about phishing attacks, over half (54%) of respondents to the FIDO Alliance survey said they have seen an increase in suspicious messages and scams. Meanwhile, 52% believe phishing
Oct 17, 2023The Hacker NewsData Security / Infosec Webinar Financial data is much more than just a collection of numbers; it is a crucial component of any business and a prime target for cybercriminals. It’s important to understand that financial records can be a veritable treasure trove for digital pirates. A security breach not only
The encrypted messaging app Signal has refuted widespread claims of a zero-day software vulnerability. After an investigation, the company has found no substantiated evidence supporting the existence of this purported flaw. In a series of social media posts on X (formerly Twitter), Signal stated that they had found no evidence of the claimed vulnerability and
Oct 16, 2023NewsroomMalware / Mobile Security The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure. Besides requesting invasive permissions to access
CISO salary growth has slowed with 20% receiving no raise at all in 2023, according to a new study by IANS Research and Artico Search. The research found an average total compensation increase of 11% over the past 12 months. This represents a reduction of 14% from the previous year. The average base salary increase
Business Security How CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiatives Phil Muncaster 11 Oct 2023 • , 4 min. read Building a safer digital world requires action on several fronts. Initiatives like Cybersecurity Awareness Month (CSAM) are great opportunities to remind the general public of important
Oct 13, 2023NewsroomEndpoint Security / Cyber Attack European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void
Email security provider Cofense has discovered a new phishing campaign comprising over 800 emails and using LinkedIn Smart Links. The campaign was active between July and August 2023 and involved various subject themes, such as financial, document, security, and general notification lures, reaching users’ inboxes across multiple industries. The financial, manufacturing and energy sectors are
Video Why keeping software up to date is a crucial security practice that should be followed by everyone from individual users to SMBs and large enterprises 13 Oct 2023 This week, the US Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing solid evidence of active
Oct 14, 2023NewsroomAuthentication / Endpoint Security Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. “The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on
The UK’s financial regulator has fined Equifax Ltd. over £11m ($13.4m) for failing to protect UK consumer data stolen in the notorious 2017 data breach. The Financial Conduct Authority (FCA) announced the financial penalty on October 13, 2023. The FCA stated that Equifax’s UK business failed to take appropriate action to protect the personal data
Cybercrime Security researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attack Cameron Camp 11 Oct 2023 • , 3 min. read Squashing malware groups involves imposing steep costs on small ad hoc groups. But those actions are slowly
- « Previous Page
- 1
- …
- 27
- 28
- 29
- 30
- 31
- …
- 130
- Next Page »