Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.
Criminals in China increasingly keep a low profile on public-facing forums and rely on Telegram and other encrypted foreign messaging apps to discreetly coordinate their activities or sell wares, according to a new report charting how the Chinese cybercrime ecosystem continues to evolve.
Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.
The Change Healthcare attack is already providing valuable lessons to healthcare firms - mostly about the importance of resilience, especially when it comes the industry's supply chain and third parties, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.
Hackers are mass-exploiting a recently disclosed critical authentication bypass vulnerability in on-premises versions of TeamCity. JetBrains fixed the bugs in a Monday update, but researchers warn users running unpatched instances to assume compromise.
This week, VMware handled critical vulnerabilities, Capita reported losses, the NSA pushed for zero trust, malware exploited aNotepad, a Taiwanese telecom was breached, the Swiss government dealt with ransomware attack fallout, fake meetings spread malware, Amex was breached and PetSmart was hacked.
Cybercrime reports submitted by victims to the FBI's Internet Crime Complaint Center surged last year, and the total reported losses exceeded $12.5 billion. Investment fraud and business email compromise losses dominated, and ransomware attacks spared almost no critical infrastructure sector.
Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest patch addressed its third zero-day vulnerability this year.
As the fallout continues in the Change Healthcare IT outage, the U.S. healthcare ecosystem is anticipating the next bombs to drop in what's shaping up to be the worst cyberattack the sector has experienced so far. What should entities be considering as they push forward in the recovery?
The healthcare sector should have plenty of experience responding to data security incidents and breaches, especially in light of the record number of breaches reported last year. But when leaders are dealing with an incident, response plans can go awry. Experts offer tips for avoiding mishaps.
A cyber threat actor is shifting tactics from conventional malware delivery to a targeted focus on acquiring NT LAN Manager authentication information to potentially collect sensitive data and perform other malicious actions. The campaigns have targeted hundreds of organizations globally.
German police say they arrested operators behind one of the largest cybercrime underground marketplaces in the country and seized its domains as part of a two-year-long investigation into the group. Police arrested three suspected operators of the platform, including the alleged site admin.
Two weeks into a major cyberattack-induced outage at its Change Healthcare business, UnitedHealth Group is offering short-term financial aid to some healthcare providers whose cash flows may be running short because of the disruption in insurance payments. But not everyone is impressed.
The rapid rise of artificial intelligence technologies poses new risks. Enterprises using AI must regularly scan for prompt injection attacks, implement transparency in the supply chain and reinforce built-in software controls to serve their company's security needs, Microsoft said.
A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase. At least 100 victims, including crypto company employees, have fallen for the scam.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.