Ukrainian cyber police raided and closed more than a dozen fraudulent call centers last week, saying the operations were running fake investment scams that involved stealing cryptocurrency and payment card details from European and Central Asian citizens.
The tally of organizations affected by the Clop ransomware group's supply chain attack against users of Progress Software's popular MOVEit file transfer software continues to grow. UCLA and New York City schools - including students and staff - are the most recently named victims.
While CISOs need to show the security road map to the businesses, they also cannot act as a showstopper for them. Rather than understanding only the technical nuances of a company, a CISO must invest time to understand the function of each stakeholder, said Silvia Lam Ihensekhein of Swire Coca-Cola.
Socure has purchased a document verification startup founded by former members of Airbnb's Trust and Safety Team for $70 million to better detect fake identities. The deal will help Socure optimize the digital capturing and back-end processing of driver's licenses and passports at faster speeds.
Digital Nasional Berhad, which manages Malaysia's 5G network, follows five principles to ensure a cyber-resilient network. Baljit Dhillon shared how the organization focuses on secure design, zero trust, supply chains, detection and understanding the impact of a compromise.
A Chinese state hacker is using novel tradecraft to gain initial access to victim systems, according to CrowdStrike. Targeted organizations include those in the communications, manufacturing, utility, transportation, construction, maritime, government, IT and education sectors.
A Berlin, Maryland-based hospital recently told regulators that a ransomware breach discovered in January had compromised the sensitive information of nearly 137,000 patients, about five times the number of people originally estimated as having been affected by the incident.
Irish Parliament has proposed changes to a new bill that would make it a criminal offense to disclose privacy reprimands issued by the Data Protection Commission. Civil rights groups are accusing the government of shielding the country's privacy regulator from criticism.
The Securities and Exchange Commission accused SolarWinds CFO Bart Kalsu and CISO Tim Brown of violating securities laws in their response to the 2020 cyberattack. Kalsu and Brown are among "certain current and former executive officers and employees" targeted by the SEC for alleged violations.
A U.S. judge sentenced a 24-year-old British man to five years in prison for his part in hacking high-profile Twitter accounts as part of a bitcoin scam in 2020. Prosecutors say Joseph James O'Connor stole $794,000 by hijacking 130 accounts, including those of Barack Obama, Joe Biden and Elon Musk.
The alleged operator of the darknet narcotics marketplace Monopoly has been extradited to the U.S. to stand trial. The FBI said it identified Milomir Desnica, a 33-year-old dual Croatian and Serbian national, thanks in part to invoices found in a Monopoly database seized by German law enforcement.
Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
A federal appeals court affirmed that Synopsys didn't steal trade secrets from Risk Based Security by creating its own database of open-source code vulnerabilities. The data was not ruled a trade secret because Risk Based Security doesn't derive "independent economic value" from keeping it secret.
Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn. Users should watch for typosquatting, keyword stuffing, meta tagging and cloaking.
Microsoft discovered hackers targeting internet-facing Linux systems and IoT devices to steal IT resources for cryptocurrency mining operations. The campaign begins by brute-forcing target systems and devices and then uses a backdoor to deploy open-source tools such as rootkits and an IRC bot.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.