Not all ransomware groups wield crypto-locking malware. Some have adopted other strategies. Take BianLian. After security researchers released a free decryptor for its malware, instead of encrypting files, the group chose to steal them and demand ransom solely for their safe return.
Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. Chinese security researchers say they found code designed to monitor users inside Pinduoduo versions.
A Bulgarian woman extradited to the United States for her role in a $4 billion crypto pyramid scheme adds to a growing list of law enforcement actions against perpetrators of the OneCoin Ponzi scheme. OneCoin generated $4 billion in fraudulent revenue and earned profits of close to $3 billion.
Forrester recently published a report that shows over two-thirds of European security decision-makers have begun to develop a zero trust strategy, and public sector organizations are leading the way. Forrester's Tope Olufon shares the cultural and regulatory roadblocks to zero trust.
Nearly 50,000 documents containing personal information of special education students who live in New York City and attend public school there were recently found exposed on the internet in an unsecured database. Some of those records date back to 2018.
Days after federal agents arrested the alleged administrator of criminal underground forum BreachForums, the new admin who took over announced that he is shutting down the site. User "Baphomet" said he spotted a suspicious server logon early Sunday afternoon.
Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.
Bitcoin ATM manufacturer General Bytes suspended its cloud services supporting more than 15,000 machines after a hacker exploited a vulnerability in its software to steal user passwords and private keys and made off with cryptocurrency worth millions of dollars.
Russia's invasion of Ukraine in 2022 threw Russia's cybercrime ecosystem into a state of upheaval that still exists to this day. "We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.
An Alabama cardiovascular clinic is facing a proposed class action lawsuit filed by one of the nearly 442,000 individuals affected by a data exfiltration breach reported last month. The lawsuit seeks a detailed list of security improvements by the clinic and 10 years of court compliance monitoring.
Video piracy is a major concern for security teams in the media industry. Commander Praveen Kumar, global CISO of media conglomerate Zee Entertainment and winner of ISMG's Dynamic CISO Excellence Award for ROI Champion, shares his secret for reducing piracy by 85%.
ISMG presented the 2023 Dynamic CISO Award to Vaibhav Tole, director of global cybersecurity at Cyient, who developed skills internally and created a team to handle incident response in-house. ISMG caught up with Tole at the conference to understand how he is doing more with less these days.
There is a need to mark security controls to the threats that are out in the market, says Durga Prasad Dube, who is the executive vice president with Reliance Industries. By continually evaluating controls, organizations can create greater efficiencies and increase resiliency, he says.
Criminal hackers are targeting South Koreans with an Android Trojan that dupes victims into handing over payment card data by faking phone conversations with lenders. Developers are using "several unique evasions that we had not previously seen in the wild," Check Point researchers write.
Last year was another bonanza in zero-days for Chinese state hackers, say security researchers in a report predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. "Attackers seek stealth and ease of exploitation," writes cybersecurity firm Mandiant.