New advisory from the UK’s NCSC and the NSA throws fresh light on activity first revealed by Symantec in June. A new report from the United Kingdom’s National Cyber Security Center (NCSC) shows that the Russia-backed cyber espionage group Turla has carried out more attacks than previously thought using infrastructure and malware hijacked from Iranian
From lengthy email signatures to employees’ social media posts, we look at the many ways organizations make it easier for attackers to break in. 1 of 10 Most of your employees likely know better than to send a password via email or open a strange attachment from someone they don’t know. But do they know
‘Tortoiseshell’ discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors. A nation-state hacking group recently found attacking IT provider networks in Saudi Arabia as a stepping stone to its ultimate targets has been spotted hosting a fake website, called “Hire Military Heroes,” that drops spying tools and other malicious code onto
As new Internet of Things products enter the market, speed shouldn’t trump concerns about security. Microsoft made news recently at the annual Black Hat conference in Las Vegas, generating a lot of buzz about its discovery of a malicious Russian hacker group using common Internet of Things (IoT) devices to carry out widespread attacks on
Research presented at DEF CON shows that attackers can hijack Wi-Fi and Bluetooth-connected speakers to produce damaging sounds. Sound can be damaging to physical health — even lethal. And a hacker can generate sounds that can do damage through common Wi-Fi- and Bluetooth-connected devices, according to a research presentation at DEF CON 27. Matt Wixey,
The dependency trees of modern software-development make smaller open-source projects vulnerable to hackers sabotaging code. The open source software that the vast majority of organizations include in their critical applications is vulnerable to exploitation from threat actors taking part in its creation. That’s the message from security professionals who point to the nature of open
Cyber thieves aren’t bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered. The approach was simple, a combination email scam and social engineering phone call. All it took was a call to St. Ambrose Catholic Parish, claiming to be Marous Brothers Construction,
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees. A new report sheds light on the practices of two US data recovery firms, Proven Data Recovery and MonsterCloud, both of which paid ransomware attackers and charged victims extra fees. ProPublica researchers were able to
Research shows time to discovery and containment of breaches slowly shrinking, but attackers don’t need a very big window to do a lot of damage.
It’s breach report season and one of the prevailing trends uncovered by security researchers is that organizations are ever-so-slowly improving the window between when a compromise occurs and when it
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is. More than one-quarter of all malware attacks target the financial services sector, which has seen dramatic spikes in credential theft, compromised credit cards, and malicious mobile apps as cybercriminals seek new ways to generate illicit profits.