U.S. and U.K. law enforcement officials have shut down hundreds of suspicious domains with COVID-19 names and themes that have been used to support criminal efforts to steal credentials, spread malware and spoof government sites and programs.
Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages.
Two recently uncovered spear-phishing campaigns targeted oil and gas firms in the U.S., Asia and South Africa with AgentTesla, a notorious information stealer, according to Bitdefender. These campaigns appear tied to the global oil crisis.
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
Cybercriminals are using spoofed messages and images from Zoom and Cisco WebEx as lures in new phishing campaigns that are designed to steal credentials or distribute malware, according to the security firm Proofpoint.
About 25,000 email addresses and passwords that are apparently for staff at the World Health Organization, the Gates Foundation, the U.S. National Institutes of Health and other organizations have been dumped online, according to the Washington Post.
IT services and consulting giant Cognizant is still assessing the damage from a ransomware attack on Friday. And it's warning that the incident is disrupting services to some of its clients and could affect the company's revenue.
About 267 million Facebook user IDs and other user information is being offered for sale on a dark net site for about $540, according to cybersecurity intelligence firm Cyble, which says the data, which does not include passwords, could be used for phishing and other schemes.
In the age of COVID-19 - when staying as close to home as possible and trying to avoid touching anything in public that might spread coronavirus is the new normal - cash is out, and "contactless" payments are in, if you're lucky enough to be able to use them.
As e-commerce explodes during the global CIVD-19 pandemic, transaction authentication is more critical for fraud prevention, says Phil Dunkelberger of Nok Nok Labs, who discusses the latest fraud trends.
CISA issued a warning to organizations running Pulse Secure VPN servers that their networks may still be vulnerable to hacking even if they applied patches for a previous flaw. Attackers are now using stolen Active Directory credentials to access networks.
"Fraud guides" designed to assist cybercriminals in carrying out schemes that leverage stolen financial or personal data are the most common offerings on three prominent dark net marketplaces, according to security firm Terbium Labs.