North Korean information technology workers have been attempting to obtain employment in public and private sectors in the United States to fund their home country's weapons of mass destruction and ballistic missiles programs, according to an advisory from U.S. federal agencies.
Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
In the today’s digital world, when so much of our lives are online, identity verification and authentication are critical to addressing fraud-related risk management challenges. To prevent fraud and protect your business and your customers, you must be certain the people you are dealing with are who they represent...
Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.
Even powerful brands are not immune from fake users; in fact, they are often the most prominent targets. In Q4 of 2021 alone, Facebook removed 1.3 billion fake accounts.
Today, most ecosystems are littered with fake accounts set up to steal confidential information, post fake product reviews, spam legitimate...
Today’s sophisticated cyberattacks combine multiple tactics that include social engineering, zero-day malware and 3rd party OAuth app abuse. Threat actors employ tactics across email, cloud and web that target specific people in your organization to breach your environment and access sensitive data. Hybrid work...
Skyrocketing attack rates, double and triple extortion, increasing ransom demands… cybercriminals are inflicting pain in every way imaginable when it comes to today’s ransomware attacks. And you need to be prepared to protect your network, NOW.
Find out the steps you need to take to minimize damage to your...
Researchers discovered a new social engineering-heavy malware campaign focused on defrauding employees in West Africa's banking sector. Although this campaign is not exactly new, it shows a detailed account of what social engineering looks like, according to cybersecurity veteran Tari Schreider.
Microsoft says it seized control of seven domains belonging to Russian GRU-linked state-sponsored threat group Strontium. The group, also called APT28 and Fancy Bear, used the domains to target Ukrainian media organizations and had U.S. and EU government entities and decision-makers on its radar.
Although the final weeks of 2021 will be remembered for the resurgence of the pandemic, driven by the new Omicron strain, the second half of the year marked the end of restrictions and the reopening of economies in many parts of the world.
What has become clearly apparent from analysis of the LexisNexis® Digital...
Researchers from Malwarebytes have found that cyberespionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is now using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.
North Korean advanced persistent threat group Lazarus has emerged with a fresh spear-phishing campaign that uses a Trojanized DeFi application containing a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed.
Researchers have observed a growing number of threat actors using the Russia-Ukraine war as a lure in phishing and malware campaigns to target the military of multiple Eastern European countries, as well as a NATO Center of Excellence, according to Google's Threat Analysis Group.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.