Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source info stealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.
A large-scale phishing-as-a-service operation is shifting tactics to allow attackers to avoid anomaly detection by using localized IP addresses, warns Microsoft. The U.S. Secret Service has reported that BEC incidents cost global enterprises more than $43 billion in losses over a five-year span.
MiCA's consumer protection provisions extend to cybersecurity, with its anti-money laundering, cyberattack liability and travel rule clauses. ISMG contributors Ari Redbord of TRM Labs and Troy Leach of Cloud Security Alliance discuss its impact on cybercrime, compliance challenges and the way ahead.
Taiwan was buffeted during April by a three-day surge in malicious emails that increased to four times the usual amount, a reflection of increased tensions in the Taiwan Strait, say threat analysts. Following the wave, Trellix observed a 15-fold increase in PlugX infections.
New entrants LexisNexis Risk Solutions and F5 joined longtime leaders Experian and IBM atop KuppingerCole's Leadership Compass for fraud reduction intelligence platforms. Leading vendors help users detect bots and have capabilities spanning different sectors from finance to payments to e-commerce.
While security tools have become more adept at detecting payloads in emails, attacks that lack known indicators and rely instead on impersonation/social engineering tactics are successfully bypassing these traditional controls and reaching inboxes. If an organization’s email security controls are not effective...
Business Email Compromise (BEC) is “one of the most financially damaging online crimes” according to the FBI. It is a cunning form of email impersonation that, when combined with human error, can be incredibly disruptive and damaging. Phishing and Account Takeover (ATO) attacks target employees and trick them into...
The expanding RTP landscape represents a definitive transformation in how consumers and organizations interact.
Constantly evolving payments demand agile tools, practices, and processes that enable greater defense against continually manifesting scams and fraud. The FedNow Service launch is right around the...
The LockBit ransomware group on Tuesday published 1.5 terabytes of data the group says it stole from Bank Syariah Indonesia after ransom negotiations broke down. The group says the records include information of about 15 million customers and employees of the country's largest Islamic bank.
In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.
In this week's data breach roundup: the Philadelphia Inquirer, Swiss multinational ABB, French electronics manufacturer Lacroix, the U.S. Department of Transportation employee data and more. Dallas is still recovering from a ransomware attack and researchers infiltrated a ransomware group.
Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.
The BianLian ransomware group is abandoning malicious encryption in favor of pure extortion, warns the U.S. top cybersecurity agency. A major likely factor in BianLian's shift was cybersecurity firm Avast's January release of a free decryptor.
Data443 has bought Cyren's threat intelligence, URL categorization and email security technology out of bankruptcy for up to $3.5 million. Buying Cyren's anti-spam, virus outbreak detection, IP reputation, URL filtering and Threat InDepth data feeds will boost Data443's existing product portfolio.
Ukraine's top cybersecurity agency says Russian hackers took a sudden interest in obtaining personal data and mounted successful attacks against more than one-third of the country's largest insurers. It predicts the stolen data may end up for sale on the dark web.