Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.
The U.S. Secret Service is combining its electronic and financial crimes units into a single task force that will focus on investigating cyber-related financial crimes such as BEC schemes and ransomware attacks. The move comes as lawmakers want the Secret Service to take a more active role in fighting cybercrime.
Check Point Research reports that a new version of the Joker mobile malware that infects Android devices has emerged. The malware, hidden in apps in the Google Play store, has once again evaded Google's security tools.
A little-known advanced persistent threat group dubbed Evilnum has been targeting fintech firms in the U.K. and Europe over the past two years, using spear-phishing emails and social engineering to start their attacks, according to the security firm ESET.
A hacking group known as "Keeper" has been using Magecart-like web skimmers to target the online checkout sites and portals of hundreds of e-commerce sites in order to steal the payment card data from about 184,000 customers, according to Gemini Advisory. The thefts are estimated to total in the millions.
Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year.
Apache Guacamole, an open-source application that allows for remote connections to devices, contains several vulnerabilities that could enable attackers to steal data or run remote code execution, Check Point Research found. These bugs come at a time when many employees are still working remotely.
The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason. The messages are designed to appear to come from postal and delivery services.
Since the start of the COVID-19 pandemic, the number of brute-force attacks targeting RDP connections has steadily increased, spiking to 100,000 incidents per day in April and May, according to the security firm ESET. These attacks pave the way for launching ransomware attacks and planting cryptominers.
Aleksey Burkov, who operated a site called "Cardplanet" that trafficked in stolen payment card data used to make millions of dollars in fraudulent purchases, has been sentenced to nine years in federal prison. His case also involved high-level negotiations between the U.S., Russia and Israel.
A man from the state of Washington has been sentenced to 13 months in federal prison for his role in developing the Satori botnet, which was used to conduct several large-scale DDoS attacks. The Justice Department also unsealed indictments naming co-conspirators.
The U.S. Department of Justice unsealed a superseding indictment against WikiLeaks founder Julian Assange that expands the scope of the government's case against him. Federal prosecutors now allege that Assange conspired with the Anonymous and LulzSec groups to obtain classified information to publish.
A spear-phishing campaign is using military-themed malicious Microsoft Office documents to infect devices, according to researchers at Cisco Talos. The analysts also found this campaign is using a previously unknown dropper called IndigoDrop to spread a weaponized version of Cobalt Strike.