A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML Help file.
The U.S. government on Wednesday unsealed criminal charges against five suspected members of the "loosely organized, financially motivated cybercriminal group" Scattered Spider. The suspects have been tied to 45 attacks, disrupting businesses and stealing cryptocurrency worth millions of dollars.
Iranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It's possible that Pyongyang shared its attack methods and tools.
Android Spynote malware is masquerading as antivirus software to exploit Android processes to infiltrate devices, seize control and steal sensitive information from unsuspecting users. A report from Cyfirma shows the malware disguising itself as "Avast Mobile Security" in a recent campaign.
In the second episode of ISMG's "APAC Insights" series, ISMG editors analyze cybersecurity threats to artificial intelligence systems and the region's worsening fraud landscape with Kaushik Sinha of Fujitsu Research and Applied Quantum's Kawin Boonyapredee.
Canadian authorities arrested a suspected extortionist tied to the hacking theft of terabytes of data from clients of cloud-based data warehousing platform Snowflake. Charges against the suspect, Alexander Moucka, aka Connor Moucka, have yet to be publicly detailed.
Governments globally are intensifying anti-scam measures, introducing new guidelines to banks, telecom providers and other key sectors to bolster security controls and mitigate fraud risks for consumers and businesses. Some new frameworks threaten to levy stiff penalties for non-compliance.
A Colorado-based pathology laboratory is notifying more than 1.8 million patients that their sensitive information was compromised in an April hack, one of the largest breaches reported by a medical testing lab to U.S. federal regulators to date. Ransomware gang Medusa is blamed for the attack.
In this episode of Information Security Media Group's new monthly series, "Insights APAC," ISMG editors discuss the top cybersecurity developments in the region, including a mega breach of healthcare records in India and how experts are tacking fraud and money laundering in the Asia-Pacific.
The Indian prime minister is warning citizens to be on the lookout for "digital arrest" scams in which cybercriminals pose as government officials or policemen to trap victims on phone calls and extort them into paying fake fines or court fees. Citizens lost $14.2 million in such scams this year.
Hackers can use OpenAI's real-time voice API to carry out for less than a dollar deepfake scams involving voice impersonations of government officials or bank employees to swindle victims, said researchers at the University of Illinois Urbana-Champaign.
Despite heavy security investments, banks still struggle with basic security issues such as default passwords, vendor vulnerabilities and social engineering scams. Scott Weinberg, CEO of Neovera, shares a new report that shows banks of all sizes still grapple with these common risks.
A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.
A recent incident shed light on a chilling new tactic: North Korean operatives posing as IT professionals to infiltrate organizations all over the world. And this one hit a little too close to home. KnowBe4 is pulling back the curtain on this event to help you protect your organization from this new and growing,...
Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports. Cybersecurity firm Eset said threat actors did not compromise its systems.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.