Security Experts:

Cybercrime
long dotted

NEWS & INDUSTRY UPDATES

McAfee says that it has discovered a new global cyberattack campaign that targets nuclear, defense, energy, and financial companies using fileless malware. [Read More]
The French foreign ministry said Thursday its travel alert registry website had been pirated and citizens' personal data "could be misused". [Read More]
Researchers from Group-IB have discovered more than 40,000 compromised user accounts on the Dark Web that appear to be credentials for online government websites in 30 countries. [Read More]
The United States said that China was behind the massive hack of data from hotel giant Marriott, part of an ongoing global campaign of cyber-theft run by Beijing. [Read More]
A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet. [Read More]
Super Micro says it has conducted a thorough investigation following the recent Bloomberg report, but claims it has found “absolutely no evidence of malicious hardware” on its motherboards. [Read More]
The Windows kernel zero-day patched by Microsoft this week has been exploited by several threat actors, including a new group tracked by Kaspersky as SandCat. [Read More]
Several critical infrastructure organizations in Russia have been targeted by hackers believed to be profit-driven cybercriminals rather than state-sponsored cyberspies. [Read More]
Organizations are getting better at detecting breaches on their own, but it still takes them a long time to do it, according to a new report from CrowdStrike. [Read More]
In just one day, researchers found 7,000 "Twitter Amplification Bots", which can be used influence public opinion, increase followers for individual accounts, and be used by spammers, scammers and phishers. [Read More]

FEATURES, INSIGHTS // Cybercrime

rss icon

Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Alastair Paterson's picture
As we continue to gear up for an increase in shopping this holiday season, remember that attackers continue to innovate and update their training and skills regularly.
Siggi Stefnisson's picture
If I have one wish for ‘Cybersecurity Awareness Month,’ it’s that we all need to be aware of the need for innovative responses on the part of the security industry, to counter a threat industry which is innovating both technical and business models at a rapid pace.
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Lance Cottrell's picture
Studying the DNC Hacker case shows just how difficult it is to maintain a false identity in the face of a highly resourced and motivated opponent.
Siggi Stefnisson's picture
The truth is that quite a lot of malware is developed by an organization—an actual office of people that show up and spend their working day writing malware for a paycheck.
Lance Cottrell's picture
Actively investigating and infiltrating criminal groups online is not “hacking back,” but it may provoke that as a response.
Alastair Paterson's picture
Malicious actors have been experimenting with a blockchain domain name system (DNS) as a way of hiding their malicious activity and bullet-proofing their offerings.
Lance Cottrell's picture
Even while using Tor hidden services, there are still many ways you can be exposed and have your activities compromised if you don’t take the right precautions.