Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen" computers. A government spokesperson said Tuesday the campaign targets government agencies and media organizations.
Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.
Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.
Possibly Russian hackers likely compromised the official email address of Ukraine's embassy in Tajikistan to send phishing emails to organizations located in central Asia, Israel and India. The Computer Emergency Response Team of Ukraine tracks the campaign as UAC-0063.
The mastermind behind a criminal website that sold tools for scammers who defrauded victims globally of more than 115 million euros received a 13-year, four-month prison sentence in the United Kingdom just months after law enforcement seized the site.
While historically the origin of most business email compromise (BEC) attacks has been West Africa, residing in Nigeria certainly isn’t a requirement for BEC attackers. Indeed, the subject of this report is a sophisticated threat group based in Israel.
The group is unique in that they impersonate executives and...
While the concept of zero trust has been around for years and has been adopted by the federal government, most small- and medium-sized businesses still don't know how to implement zero trust, said Chase Cunningham. But progress is being made - with a big focus on automation.
As IT and OT systems converge with the adoption of Industry 4.0, the security risk to OT systems and IoT devices is high. To secure the enterprise, organizations need network segmentation tools to scan for malicious content across the OT environment, says Ivan Issac of OPSWAT.
Pre-RSA social media gaming predicted it. Many predicted they would loath it. And it happened: Discussions at this year's RSA conference again and again came back to generative artificial intelligence - but with a twist. Even some of the skeptics professed their conversion to the temple of AI.
The pandemic brought about notable shifts in technology and cybersecurity. It also widened the attack surface, making it bigger than ever before. This change is driven by factors such as hybrid workplaces, cloud migration and SaaS dependencies, according to SANS Institute's Ed Skoudis.
Iranian hackers are deploying an updated backdoor apparently targeting Israeli academic researchers with an interest in Iraq. A group's newly dubbed "Educated Manticore" is sending Iraq-themed bait to coax deployment of an implant known as PowerLess.
The dark web is an ideal platform for planning dangerous crimes, which is why India's state of Kerala has coordinated cybersecurity experts and law enforcement officials, said Manoj Abraham, additional director general of police for the Government of Kerala.
A suspected Pakistan espionage threat actor that relies on phishing emails is expanding to the education sector after years of focusing on the Indian military and government. Security researchers from SentinelLabs say Transparent Tribe is using malicious documents laced with Crimson RAT malware.
Watch this 45-minute webinar and listen to the conversation where we delve into current threat trends and provide real-world examples of these attacks, enabling you to better prepare for and safeguard your most valuable assets: your data and your people.
North Korean hackers who use social engineering tactics for espionage have learned that less is more when it comes to coaxing victims into clicking a malicious link. Hackers that Google tracks as Archipelago might not introduce a malicious link until after a chain of emails has been exchanged.