A Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Account takeover continues to be a
lucrative path for fraudsters across all
industry sectors. But Scott Olson of
iovation says there are different levels of
defense that can be deployed, based on
the risk of specific types of transactions.
Download this eBook to learn more about:
The different manifestations...
You know that "security awareness" is key to a comprehensive security strategy. But just because someone is aware doesn't mean they care. So how can you design programs that work with, rather than against, human nature? Here's the great news. Creating a security awareness strategy that not only educates, but...
Russian national Andrei Tyurin, who was extradited last year from Eastern Europe to the United States, has stated that he plans to accept a plea deal he's reached with federal prosecutors. Tyurin has been charged with numerous crimes, including hacking JPMorgan Chase and stealing 83 million customer records.
Barracuda is out with its latest Spear Phishing Update, and among the key findings: a rise in email account takeover and lateral phishing. Why are enterprise defenses failing to detect these strikes? What new solutions will improve defenses? Barracuda's Michael Flouton shares insights.
This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends.
A global law enforcement operation has resulted in the arrest of 281 suspects allegedly involved in business email compromise scams. The announcement comes on the same day as the FBI's Internet Crime Complaint Center says that losses from BEC scams have hit $26 billion and are continuing to rise.
Cybercrime is surging thanks, in part, to the availability of inexpensive hacking tools and services. A recent look by security firm Armour at black market offerings finds stolen payment card data, RDP credentials, ransomware and DDoS services are widely available for sale.
With widespread use of Active Directory across industries and organizations of all sizes, it is frequently a target for bad actors who can use a cracking dictionary or exposed credentials to gain unauthorized access to an employee's account.
As a fraud management leader, are you aware that social engineering is a widespread and increasingly common tactic used to takeover customer accounts? Learn more about why social engineering is one of the most dangerous and difficult to stop online crimes.
Following racist and anti-Semitic tweets being posted for a short time to Twitter CEO Jack Dorsey's hijacked account - despite his use of two-factor authentication - Twitter blamed the security lapse on an unnamed mobile provider. A group called "Chuckling Squad" appears to be responsible.