Dark Reading: Attacks/Breaches
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets
Data is fueling account takeover attacks in a big way, Digital Shadows says.
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
As More People Return to Travel Sites, So Do Malicious Bots
Attacks against travel-related websites are on the rise as the industry begins to slowly recover from COVID-19, new data shows.
US Charges Kazakhstani Citizen With Hacking Into More Than 300 Orgs
The accused man, and members of his cybercriminal group, allegedly made at least $1.5 million hacking into companies and selling access to systems over the past three years.
How Advanced Attackers Take Aim at Office 365
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
Why Cybersecurity's Silence Matters to Black Lives
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
EDP Renewables Confirms Ransomware Attack
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
Drone Path Often Reveals Operator's Location
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
BEC Busts Take Down Multimillion-Dollar Operations
The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.
North Korea's Lazarus Group Diversifies Into Card Skimming
Since at least May 2019, the state-sponsored threat actor has stolen card data from dozens of retailers, including major US firms.
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
Android Adware Tied to Undeletable Malware
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.
How to Assess More Sophisticated IoT Threats
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
22,900 MongoDB Databases Affected in Ransomware Attack
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next£
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign
Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says.
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
Feed Fetched by RSS Dog.