Stop me if you think you've heard this one before: Some ransomware attackers are hiding attack code in virtual machines or creating new leaking sites to pressure victims into paying.
The hacking group "Pioneer Kitten," which has suspected ties to the Iranian government, is taking advantage of several unpatched vulnerabilities and using open source tools to target U.S. businesses as well as federal government agencies, according to the Cybersecurity and Infrastructure Security Agency.
From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe's Magento software, possibly resulting in the theft of payment card data, according to Sanguine Security.
The U.S. Cybersecurity and Infrastructure Security Agency warns that hacking groups backed by the Chinese Ministry of State Security are exploiting several unpatched vulnerabilities to target federal agencies.
A Russian national who is allegedly part of an ongoing disinformation campaign targeting the upcoming U.S. election faces a charge of conspiracy to commit wire fraud, according to the U.S. Justice Department.
Russian, Chinese and Iranian hackers are targeting organizations and individuals associated with the Republican and Democratic U.S. presidential campaigns, Microsoft reports, noting that the majority of the attacks appear to have been blocked.
TeamTNT, a recently uncovered hacking group, is weaponizing Weave Scope, a legitimate cloud monitoring tool, to help install cryptominers in cloud environments, according to reports from Intezer and Microsoft.
When startups succeed, they typically hire more employees to handle increasingly specialized tasks. The same goes for ransomware gangs, which, as they grow, have been hiring experts with advanced hacking, encryption, negotiation and other skills to help take down larger targets, says Coveware's Bill Siegel.
A recently uncovered phishing campaign designed to harvest credentials used companies' official webpages as an overlay to hide malicious domains, according to security firm Cofense.
So-called "cybersquatting" attacks are surging, with financial and e-commerce websites - including those of PayPal, Royal Bank of Canada, Bank of America and Amazon - among the most frequent targets, according to Palo Alto Networks' Unit 42.
A recently uncovered malicious email campaign is delivering to businesses multiple types of malware, including a Trojan designed to steal banking credentials and other financial information, according to a research report from Cisco Talos.
Fraud prevention practices are not keeping up with changes in risks, says Al Pascual, COO at Breach Clarity, who offers insights on leveraging the latest tools.
Proofpoint reports that a Chinese hacking group targeted European organizations, as well as Tibetan dissidents, with a new remote access Trojan called "Sepulcher" as part of a cyberespionage campaign.
Some fraudsters are now using the encrypted instant messaging app Telegram as a fast and easy way to steal payment card data from ecommerce sites, according to an analysis from Malwarebytes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.