Now that ransomware developers know that they can earn monstrous payouts from local cities and insurance policies, we see a new government agency, school district, or large company getting hit with a ransomware attack every day.
Attackers are using fake Google domains spoofed with the help of internationalized domain names (IDNs) to host and load a Magecart credit card skimmer script with support for multiple payment gateways
The notorious Mydoom email worm, considered to be one of the most damaging malware strains ever developed, is still doing rounds on the Internet, working on autopilot and actively targeting email users all over the world.
Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and researchers, the project has been able to help hundreds of thousands, if not millions, of victims get their encrypted files back for free.
The effects of successful misinformation or disinformation campaigns from foreign state actors can be as divisive as disagreements on pineapple making a good pizza topping or not.
Spam operators using bots to promote adult-themed services change their tactics to avoid Instagram's detection mechanism. Redirects remain the main stratagem but they come with other tricks meant to push the user towards a particular website.
Security outfit Immunity has included a fully working BlueKeep exploit in their CANVAS automated pentesting utility with the release of version 7.23, on July 23.
Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This Emergency Declaration will allow Louisiana state resources and cybersecurity experts to assist local governments in securing their networks.
If you use Office 365's webmail interface to prevent email recipients from seeing your local IP address, you are out of luck. When sending email through Office 365, your local IP address will be injected into the message as an extra mail header.
A phishing campaign using WeTransfer notifications as surrogates for the run-of-the-mill malicious URLs usually employed in these type of attacks was recently detected while successfully bypassing email gateways developed by Microsoft, ProofPoint, and Symantec.
A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.
A botnet of over 400,000 IoT devices held a 13-day distributed denial-of-service (DDoS) siege against the streaming app of a company in the entertainment business.
A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago.
The Robinhood stock trading site is alerting users that passwords were stored in their system in human readable format, otherwise known as clear text. While no foul play was detected, this could have allowed employees or unauthorized users to view an account's password.
Malwarebytes has released AdwCleaner 7.4 and with it comes a new feature that will detect and remove preinstalled software that is typically added to generate revenue for the hardware developer and thus reduce the device's cost.
A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits, with previous variants only being utilized to infect Linux servers compromised using Jira, Exim, Nexus Repository Manager 3, ThinkPHP, and Solr Linux exploits.
BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.
Through the analysis of over 3.9 million posts on underground hacker and malware forums, a new report illustrates the most common malware and threats being discussed.
The IRS has issued a news release to remind professional tax preparers that they are required by law to have a data security plan to protect taxpayers' sensitive information from potential security threats.
BEC scammers are now targeting a company's customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel.