Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services. It's led by Sumit Gupta, who was indicted by the U.S. in 2015 for criminal hacking on behalf of private investigators.
A shift to passwordless authentication would help mitigate the risk of phishing attacks and identity theft, says Malaysia-based Shankar Krishnan, CISO and head of information security at Axiata Digital, who offers implementation insights.
As businesses settle into a hybrid world of on-prem, public cloud, private cloud infrastructure with security delivered as a service and all of this overlaid with the concept to Zero Trust, what is left? Companies will have the data they are trying to protect and the identity of the user trying to access something. As...
Fraudsters are using fake VPN update alerts to target remote workers in an effort to steal their Microsoft Office 365 credentials, according to the security firm Abnormal Security.
Identity is you. Identity is the behaviour, devices, access, and attributes that are unique to you as an individual in the workplace. But identity is complex. Every employee has their own identity, so every identity needs to be properly managed. Otherwise, the wrong users can access the wrong apps and resources,...
Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most are not strong or unique, according to a study by researchers at Carnegie Mellon University, who call for changes in breach notification procedures.
Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.
Australian shipping giant Toll Group recently suffered its second ransomware outbreak of the year, with Thomas Knudsen, the company's managing director, branding the latest attack as being "serious and regrettable." But was it preventable?
Attacks targeting cloud-based data nearly doubled in 2019 as companies shifted more of their valuable information off-premises and misconfigurations and other issues made it more vulnerable, according to the 2020 Verizon Data Breach Investigations Report. Observers expect the trend to continue this year.
ARCHER, a British high-performance computing system for academic and theoretical research, has been offline since May 11, when a "security incident" forced the University of Edinburgh to take down the supercomputer. The security incident also affected supercomputers in other parts of Europe, university officials say.
Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.
Australian shipping giant Toll Group has vowed to again not pay a ransom after suffering its second ransomware attack of the year. In the latest incident, however, the company warns that attackers also stole corporate data - and it may get leaked.
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.
Five suspected members of the InfinityBlack hacking group have been arrested, and authorities in Europe say they've seized two databases with more than 170 million entries, including combinations of stolen usernames and passwords.
Authorities in the U.S. and U.K. are warning medical institutions, pharmaceutical companies, universities and others about "password-spraying campaigns" by advanced persistent threat groups seeking to steal COVID-19 research data. Security experts outline defensive steps that organizations can take.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.