Application securityFake Google Docs on Google Sites launch AZORult infostealer campaignAzorult infostealer aims to steal user credentials and credit card information via HTML smuggling.
RansomwareSTOP ransomware, more common than LockBit, gains stealthier variantThe variant performs 65 million data copies as a delay tactic and employs dynamic API resolution.
MalwareQakbot mechanizes distribution of malicious OneNote notebooksA large-scale "QakNote" attack deploys malicious .one files as a novel infection vector
RansomwareHHS investigating ‘unprecedented’ Change Healthcare ransomware attackThe probe will establish whether HIPAA privacy, security and beach notification met compliance rules.
IdentityRedLine malware top credential stealer of last 6 monthsRedLine was used to steal over 170 million passwords in the last six months, or nearly half of all stolen passwords.
Threat IntelligenceCryptocurrency scams metastasize into new forms“DeFi mining” scams adopted by pig-butchering rings create more problems for those trying to defend against them.
AI/MLNew online investment scams powered by bots to simulate fake expertsSecurity pros say the new scams use the latest chatbot technology.
Cloud SecurityPhishing campaign leverages AWS and GitHub to launch RATsAttackers continue to leverage popular AWS cloud and GitHub developer services as a way to “live-off-the-land” and launch malware.
RansomwareCryptoGuard: An asymmetric approach to the ransomware battleIn the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques
RansomwareChange Healthcare hacker may be linked to China espionage gangsResearchers unearthed a possible connection between nation-state groups and the ALPHV/BlackCat affiliate responsible for the highly disruptive attack.
Threat predictions for 2024: Chained AI and CaaS operations give attackers more ‘easy’ buttons than everSponsored by FortinetNovember 22, 2023
Watch: FBI encourages reporting of cyber incidents, backs legislationStephen WeigandDecember 23, 2021
Congress must understand that there’s no patient safety without strong cybersecurity Toby Gouker March 13, 2024
Change Healthcare attack calls for health sector to take on a more proactive security stanceBrian NeuhausMarch 12, 2024