Security Experts:

Cybercrime
long dotted

NEWS & INDUSTRY UPDATES

U.S. cybersecurity experts say hackers impersonating a State Department official have targeted U.S. government agencies, businesses and think tanks in an attack that bears similarity to past campaigns linked to Russia. [Read More]
SamSam and GandCrab Illustrate the Evolution of Ransomware into 'Targeted' and 'RaaS'. Targeted ransomware attacks such as those by SamSam take more effort, require skilled adversaries, but generate much larger payouts. [Read More]
Europol and ATM maker Diebold Nixdorf sign a memorandum of understanding for exchanging information and expertise on cyber threats [Read More]
The threat actors behind many Dridex and Locky campaigns have been using a new Remote Access Trojan (RAT) called tRat, Proofpoint security researchers warn. [Read More]
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors. [Read More]
Windows zero-day fixed by Microsoft with its November 2018 Patch Tuesday updates (CVE-2018-8589) used by an APT group in attacks aimed at the Middle East [Read More]
Microsoft fixes over 60 vulnerabilities with November 2018 Patch Tuesday updates, including zero-days and publicly disclosed flaws [Read More]
At least seven different cybercrime groups referred to as "Magecart hackers" are placing digital credit card skimmers on compromised e-commerce sites, Flashpoint and RiskIQ reveal in a joint report. [Read More]
A previously undisclosed threat actor is targeting nuclear-armed government and military in Pakistan as part of a new, unusually complex espionage campaign, Cylance security researchers warn. [Read More]
Fifty-one states, including all EU members, have pledged their support for a new international agreement to set standards on cyberweapons and the use of the internet [Read More]

FEATURES, INSIGHTS // Cybercrime

rss icon

Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Alastair Paterson's picture
As we continue to gear up for an increase in shopping this holiday season, remember that attackers continue to innovate and update their training and skills regularly.
Siggi Stefnisson's picture
If I have one wish for ‘Cybersecurity Awareness Month,’ it’s that we all need to be aware of the need for innovative responses on the part of the security industry, to counter a threat industry which is innovating both technical and business models at a rapid pace.
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Lance Cottrell's picture
Studying the DNC Hacker case shows just how difficult it is to maintain a false identity in the face of a highly resourced and motivated opponent.
Siggi Stefnisson's picture
The truth is that quite a lot of malware is developed by an organization—an actual office of people that show up and spend their working day writing malware for a paycheck.
Lance Cottrell's picture
Actively investigating and infiltrating criminal groups online is not “hacking back,” but it may provoke that as a response.
Alastair Paterson's picture
Malicious actors have been experimenting with a blockchain domain name system (DNS) as a way of hiding their malicious activity and bullet-proofing their offerings.
Lance Cottrell's picture
Even while using Tor hidden services, there are still many ways you can be exposed and have your activities compromised if you don’t take the right precautions.
Erin O’Malley's picture
When ransomware strikes, there aren’t many options for response and recovery. Essentially, you can choose your own adventure and hope for the best.