Hackers are exploiting OAuth applications to compromise user accounts, manipulate and confer elevated privileges, and set up cryptomining operations, which has cost some organizations up to $1.5 million in losses, according to Microsoft's Threat Intelligence team.
Russia and China are expert at picking the "most difficult nexuses" in society - such as free speech protections in the United States - and using them against us, said Jeff Moss, creator of the Black Hat conference, as he outlined near-term geopolitical challenges facing cybersecurity defenders.
Major government agencies in the United States intend to apply artificial intelligence, but the majority of planned use cases are still at the planning stage, a congressional watchdog said. Missing from those efforts is governmentwide guidance on the acquisition and use of AI technologies.
Check fraud, scams and account takeovers dominated the fraud landscape in 2023. Banks and other financial institutions are expected to continue to struggle with account takeovers as fraudsters have changed their modus operandi, making it difficult to track fraudulent proceeds.
Seeking to maximize profits no matter the cost, ransomware groups have been bolstering their technical prowess and psychological shakedowns with a fresh strategy: attempting to control the narrative. Experts are warning security researchers and journalists to beware being co-opted.
A U.K. parliamentary committee investigating ransomware threats recommended a more aggressive stance against threat actors and said the government should consider making incident reporting mandatory and provide government support for public sector victims "to the point of full recovery."
North Korean hacking group Lazarus Group is exploiting Log4Shell to target manufacturing, agriculture and physical security sectors, resulting in the deployment of a tailored implant on compromised systems. The attack campaign targeted publicly accessible VMware Horizon servers.
Ukrainian telecom operator Kyivstar was the target of a cyberattack that knocked internet access and mobile communications offline on the same day Ukrainian President Volodymyr Zelenskyy was in Washington to boost the case for additional military aid.
The U.K. government has sanctioned 14 individuals and groups that illegally employed human trafficking victims in online crypto and investment scams. Sanctioned individuals include a Chinese national previously targeted by the U.S. Treasury for running a gambling and trafficking business in Laos.
Spanish national police on Sunday arrested an alleged key money laundering figure of the profit-seeking Kelvin Security hacking operation. They detained a Venezuelan national who reportedly entered the country as a tourist. Police said the man is the head of the group's money laundering operation.
A Kentucky-based hospital chain is notifying millions of individuals that their information was potentially exfiltrated in a May attack. Russian-speaking ransomware-as-a-service group Alphv/BlackCat - which is currently reportedly undergoing its own disruptions - took credit for the data theft.
As the adoption of real-time payments increases, the United States will likely see an increase in scams, which will further fuel the debate about reimbursement models for FedNow and RTP networks, said Peter Tapling, board member at the U.S. Faster Payments Council.
Cybercrime underground chatter suggests ransomware group BlackCat - aka Alphv - is being disrupted by law enforcement. Experts warn that disruptions too often remain short-lived, as operators reboot under different names and affiliates go independent or work with a bevy of rival services.
In the future, deepfake technology will have a significant impact on newer forms of authentication such as voice and facial recognition and pose new challenges to defenders, said Ofer Friedman, chief business development officer at AU10TIX, an Israel-headquartered identity verification company.
In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of ex-Uber CISO Joe Sullivan.