Cryptojacking - the hidden mining of virtual currencies - continues to be a focus for online attackers. As the detection of cryptocurrency mining malware continues to rise, Europol warns that cryptojacking will remain "a regular, low-risk revenue stream for cybercriminals."
The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.
A notorious group of payment card-stealing gangs called Magecart has been tied to another series of online attacks, this time against Shopper Approved, an e-commerce service used by thousands of sites to gather reviews from customers.
Memo to hackers: Boasting about your exploits on social media channels is a good way to get caught. Indeed, Italian police say they busted a suspected hacker after he bragged not only about defacing the NASA home page but also about being part of a group calling itself "Master Italian Hackers Team."
U.S. and U.K. government agencies have said they have "no reason to doubt" strong denials issued by Amazon and Apple that hardware hackers had successfully implanted tiny chips in their servers that provided a backdoor for Chinese spies.
Barriers to getting into the business email compromise - aka CEO fraud - game continue to fall, with security vendor Digital Shadows finding that compromised email accounts for a company's finance department can typically be purchased via the black market for just $150 to $500.
The British and Dutch governments have issued a strong rebuke to the Russian government over an ongoing series of "Fancy Bear" hack attacks that they say were launched by Russia's military intelligence agency Russian Main Intelligence Directorate, aka the GRU.
The U.S. Justice Department unsealed a criminal indictment charging seven alleged Russian GRU military intelligence agency officers with hacking multiple organizations, including the World Anti-Doping Agency, as part of APT 28 - aka Fancy Bear - cyber espionage operations.
The East African institution State Bank of Mauritius says its India operations may have lost $14 million as a result of a cyberattack Tuesday. Although the bank did not confirm the exact nature of the attack, some security experts suspect it involved fraudulent transactions via the SWIFT network.
The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections.
A gang of North Korean government hackers, known as APT38, has stolen more than $100 million from banks in Asia and Africa via fraudulent SWIFT transfers, cybersecurity firm FireEye warns. Separately, the U.S. government says North Korea is also behind serious ATM malware cash-out attacks.
Tesco Bank has been hit with a £16.4 million ($21.3 million) fine by the U.K.'s Financial Conduct Authority for failing to prevent and more rapidly block thousands of fraudulent transactions that drained £2.3 million ($3 million) directly from customers' bank accounts.
The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web. The ICO found that the health insurer's CRM system lacked adequate security controls.
Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline. Port officials say the attacker has demanded a ransom, payable in bitcoin, for the promise of a decryption key.