The IRS has issued a news release to remind professional tax preparers that they are required by law to have a data security plan to protect taxpayers' sensitive information from potential security threats.
BEC scammers are now targeting a company's customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel.
Microsoft is currently in the process of developing significantly better manual threat hunting features for the Office 365 Threat Explorer, to be rolled out to all environments during August.
An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin according to Wordfence's Defiant Threat Intelligence team.
A decryptor for the LooCipher Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. If you were infected with LooCipher, do not pay the ransom and instead follow the instructions below.
Over the weekend, privacy concern were raised regarding how Microsoft Edge is uploading the URLs to SmartScreen. After further testing by BleepingComputer, we learned that Windows 10 also transmits a great deal of potentially sensitive information about your applications to SmartScreen when you attempt to run them.
Under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks after successful exploitation of an arbitrary file copy vulnerability in the mod_copy module.
Hackers are exploiting vulnerable Jira and Exim servers with the end goal of infecting them with a new Watchbog Linux Trojan variant and using the resulting botnet as part of a Monero cryptomining operation.
Compromising an employee's email account can be profitable for BEC scammers and for distributing malware, but being able to gain access to an email domain's administrator account is a jackpot. For this reason, it is important to be aware of phishing scams that are not targeting an organization's users, but rather their administrators
The U.S. Internal Revenue Service (IRS) failed to implement a good deal of security controls recommended over the years, leaving financial reporting and taxpayer data vulnerable to "inappropriate and undetected use, modification, or disclosure."
A contractor for the Russian Federal Security Service (FSB) has been hacked and secret projects that were being developed for the intelligence agency were leaked to Russian Media. These projects detail Russia's attempt to de-anonymize users on the Tor network, collect data from social networks, and how to isolate the Russian internet
What a week. Every day we see a new city, police station, college, government agency, or company being affected by a ransomware attack. To make matters worse, they are getting hit with targeted ransomware that asks for a hefty price to get a decryptor.
Cloud computing provider iNSYNQ experienced a ransomware attack which forced the company to shut down some of its servers to contain the malware infection from spreading and affecting more customer data.
A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if you send them $2,000 in bitcoins. Pretending to be from a state police detective is a new twist, but what really stands out is that they also include a contact phone number that can be used to call the
Mozilla and the Tor Project are in the early stages of exploring the inclusion of Tor's private browsing features within the Firefox web browser in the form of a privileged extension.
WizzAir today announced its customers that their account password has been automatically reset due to a technical issue in the system.
A flurry of ransomware attacks has been reported this week affecting entities in US states of Georgia, New York, Tennessee, and Florida.
A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.
Nine years and more than 8,500 security bug reports later, Google decided to increase the value of the rewards for security vulnerabilities submitted through its Chrome Vulnerability Rewards Program.
Attackers have created a fake Office 365 site that is distributing the TrickBot password-stealing Trojan disguised as Chrome and Firefox browser updates.