Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows.
The Cereberus banking Trojan and info stealer was found posing as a legitimate money converter app in the Google Play Store, where it was downloaded more than 10,000 times, according to Avast Mobile Threat Labs.
A credit card skimmer that has been operating since April is specifically targeting sites hosted on Microsoft IIS servers that are currently running an out-of-date version of ASP.NET, according to security firm Malwarebytes. About 27 million websites still use this now unsupported software.
Voice-controlled assistants can be fooled by replaying a recording of someone's voice. But researchers with Australia's Commonwealth Scientific and Industrial Research Organization and Samsung Research say they've developed a lightweight software tool to detect such attempts, which are difficult to defend against.
The latest edition of the ISMG Security Report discusses global progress on adopting standard digital identifiers. Plus, a former cybercriminal discusses emerging fraud trends, and an update on the evolution of e-signatures.
Fraudsters are using a revamped version of the Alina Trojan to target Windows-based POS devices to steal payment card data, according to Century Link's Black Lotus Labs. The malware operators are using unsecured DNS protocols to exfiltrate the data.
A Russian national charged in connection with co-creating the Infraud Organization's online cybercrime forum that sold stolen payment card data and was tied to $530 million in fraud losses has pleaded guilty.
Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro, which says five of those cities had already been victims of similar Magecart-style attacks in recent years.
Troy Leach of the PCI Security Standards Council discusses how the shift to card-not-present transactions during the COVID-19 pandemic has created new fraud-fighting challenges and offers an update on pending standards revisions.
Without ever confronting an organization's email perimeter, it's easy for cybercriminals to impersonate a brand on the internet. Even unsophisticated attackers can spoof your email domain or host a fake website designed to trick customers, suppliers and employees. Join us to learn about the tactics cybercriminals are...
The FBI is warning that cybercriminals and fraudsters are increasingly targeting mobile banking apps with malware in order to steal credentials and conduct account takeover attacks. The shift to mobile banking has increased since the COVID-19 pandemic.
Addressing digital payment security challenges requires having good identity verification capabilities as well as a strong authentication process that's friction-free for consumers, says Singapore-based Gautam Aggarwal, senior vice president and regional chief technology officer, Asia Pacific, at Mastercard.
The shift to working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns, with attackers targeting remote workers whose devices lack adequate security protections, according to the security firm Lookout. Many of these campaigns are designed to steal users' banking credentials.