The latest edition of the ISMG Security Report discusses how ransomware groups continue to refine their shakedown tactics and monetization models, highlights from this year's Black Hat conference and why helping those below the "InfoSec poverty line" matters to businesses.
Research by Dun & Bradstreet says business identity fraud jumped 254% in 2020. Tools can help prevent this fraud but may create greater friction, say Andrew La Marca, senior director at Dun & Bradstreet, and Ralph Gagliardi, agent in charge, High Tech Crimes Unit, Colorado Bureau of Investigation.
Signal says 1,900 of its customers have been affected by the recent phishing attack on its third-party vendor Twilio. Signal says phone numbers and SMS verification codes of 1,900 customers are compromised, potentially transferring access of these accounts to the attackers.
The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think. Using a regular looking phishing email, they can bypass MFA just as easily as if it were a simple...
In the latest weekly update, four ISMG editors discuss the breach of customer engagement platform Twilio, a cyberattack on the U.K.'s NHS that has reignited concerns about supply chain security in the healthcare sector, and the U.S. Treasury clamping down on shady cryptocurrency mixers.
Security executives at Black Hat USA 2022 discuss the latest cybersecurity trends from confidential computing and unified threat hunting languages to attack surface management and recovery services, social engineering campaigns and blockchain vulnerabilities.
It feels like we hear about a new devastating cyberattack in the news every day, and attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware of beyond standard “click and infect” attack vectors?
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and...
Cisco says it fell victim to a successful hack attack and data breach in May. While an attacker wielding Yanluowang ransomware claimed to have exfiltrated data and crypto-locked systems, Cisco says nothing sensitive was stolen and no systems were infected by ransomware.
Cloudflare credits hardware multifactor authentication with preventing bad actors behind a targeted phishing campaign from gaining access to its internal systems. Although attackers siphoned employee credentials, the hard key authentication requirement stopped attackers from snatching a soft token.
More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.
Twilio, which runs a customer engagement platform used by thousands of businesses, says that its employees were tricked via SMS phishing messages into giving attackers their login credentials, resulting in the theft of information on customers, as well as their customers and end users.
No matter how much security technology we purchase, we still face a fundamental security problem: people. This session will explore the different levers that social engineers scammers pull to make us more likely to do their bidding. Join Jacqueline Jayne (JJ), KnowBe4's Security Awareness Advocate as she shares her...
The US Consumer Financial Protection Bureau reportedly plans to release new guidance requiring banks to reimburse consumers for certain money-transfer service scams. Ken Palla, former director at Union Bank, says banks might look to the U.K. for examples of how to stop authorized push payment fraud.
Premint NFT platform users became victims last weejend of one of the biggest NFT attacks ever. The company says an open-source vulnerability led to the compromise of its website, resulting in its users losing about $500,000 worth of blockchain assets.
The cybercriminals behind BlackCat ransomware have upgraded their arsenal by adding Brute Ratel, a pen-testing tool with remote access features that are used by attackers. The group targets large corporations in different industry segments across the U.S., Europe and Asia.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.