Security Experts:

WRITE FOR US

LATEST SECURITY NEWS HEADLINES

rss icon

Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities
FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks
Google Patches More Under-Attack Chome Zero-days
Swedish Sports Body Hacked by Russians, Officials Say
long dotted

NEWS & INDUSTRY UPDATES

Cisco Patches Critical Flaw in SD-WAN vManage
Cisco patches a critical vulnerability in an SD-WAN software product but warned that a different high-risk bug in end-of-life small business routers will remain unpatched. [Read More]
Cost of Sandboxing Prompts Shift to Memory-Safe Languages. A Little Too Late?
NEWS ANALYSIS: Google’s decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development. [Read More]
Report: Supplier Impersonation Attacks a Major Risk
Proofpoint warns that attackers are leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud. [Read More]
Fake Netflix App Luring Android Users to Malware
Researchers have discovered FlixOnline, new Android malware that uses Netflix as its lure and spreads malware via auto-replies to WhatsApp messages. [Read More]
Facebook Removes 14 Networks Fueling Deceptive Campaigns
Facebook cracks down on deceptive networks, including five that mainly targeted individuals outside their countries and nine focused on domestic audiences. [Read More]
Threat Actors Quick to Target (Patched) SAP Vulnerabilities
A joint report from SAP and Onapsis warns that advanced threat actors are targeting new vulnerabilities in SAP applications within days after the availability of security patches. [Read More]
APT Group Using Voice Changing Software in Spear-Phishing Campaign
Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents. [Read More]
US DoD Launches Vuln Disclosure Program for Contractor Networks
In a new pilot program, the U.S. DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities. [Read More]
China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military
Kaspersky researchers warn that China-linked APT group Cycldek using custom malware in a series of recent attacks targeting government and military entities in Vietnam. [Read More]
CISA, FBI Warn of Attacks Targeting Fortinet FortiOS
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. [Read More]

FEATURES, INSIGHTS // Fraud & Identity Theft

rss icon

Joshua Goldfarb's picture
Debunking the Top User Experience, Security, and Fraud Myths
Joshua Goldfarb - Fraud & Identity Theft
Josh Goldfarb debunks the most common myths surrounding fraud, security and user experience.
Read full story
Joshua Goldfarb's picture
Actions Enterprises Can Take to Combat Common Fraud Types
Joshua Goldfarb - Fraud & Identity Theft
Josh Goldfarb discusses what enterprises can do to mitigate risk and limit losses account takeover (ATO) fraud, account opening (AO) fraud, and payment fraud.
Read full story
Idan Aharoni's picture
Introducing DAIC: A Suggested System for Preventing BEC Fraud
Idan Aharoni - Fraud & Identity Theft
Proposed Distributed Account Information Certification (DAIC) enables organizations to quickly and securely validate the bank account information of companies before they send payments
Read full story
Joshua Goldfarb's picture
Unemployment Fraud - Preying on Those Most in Need
Joshua Goldfarb - Fraud & Identity Theft
By implementing controls to prevent fraud and implementing fraud monitoring capabilities, state agencies can greatly reduce the amount of unemployment fraud that happens under their auspices.
Read full story
Joshua Goldfarb's picture
Integrating Fraud Data Into Your Workflow
Joshua Goldfarb - Fraud & Identity Theft
For any fraud detection solution to be practical, it must be easily integrated into security and fraud operations.
Read full story
Joshua Goldfarb's picture
Detecting Fraud - Every Step of the Way
Joshua Goldfarb - Fraud & Identity Theft
Facts, data, and evidence are extremely important to properly detecting, preventing, and investigating both security incidents and fraud incidents.
Read full story
Joshua Goldfarb's picture
Is Chasing Malware Really Helping You Reduce Fraud?
Joshua Goldfarb - Fraud & Identity Theft
Playing whack-a-mole with malicious code infections, phishing sites, and compromised credentials won’t help an enterprise reduce losses due to fraud.
Read full story
Laurence Pitt's picture
Noticing More Robocalls? Governments, Service Providers and Consumers Take Action
Laurence Pitt - Fraud & Identity Theft
Although robocalls are a pain for many of us, action is being taken to bring the problem under control.
Read full story
Alastair Paterson's picture
Business Email Compromise Still Reigns
Alastair Paterson - Email Security
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
Read full story
Josh Lefkowitz's picture
Why Fighting Card-Not-Present Fraud Remains an Ongoing Challenge
Josh Lefkowitz - Fraud & Identity Theft
The abundance of compromised card data and other assets available online continues to hinder the fight against card-not-present (CNP) fraud.
Read full story