Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
Sometimes a basic data breach is just the first step in a larger campaign. That appears to be the case with the gaming subscription site Humble Bundle, which began informing its customers of a data breach that may have exposed a person’s subscription status, Malwarebytes reported. While on the outside this appears to be a…
A U.K./Nigerian cybergang with U.S.-based co-conspirators has obtained a list of more than 50,000 corporate officials to be targeted in future Business Email Compromise (BEC) phishing campaigns. The list was generated during a five-month period in early 2018 and of the list, 71 percent were CFOs, two percent were executive assistants and the remainder were…
By Stu Sjouwerman, CEO, KnowBe4 As the online threats to organizations have grown over the past 10-15 years, security awareness training (SAT) has become a critical component of the security infrastructure deployed by IT departments to protect their networks from attacks by malicious actors, whether those attacks are driven by increasingly sophisticated phishing campaigns, voice-driven…
The cybercriminal threat group TA505 is a key suspect in an ongoing phishing campaign that’s been attempting to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) remote access trojans. Dubbed Pied Piper, the campaign was observed targeting a supplier to several well-known food chains, including Godiva Chocolates, Yogurtland and Pinkberry, according to a Nov. 29 blog…
Marriott’s massive data breach exposed more than just 500 million customer records, it is also shining a light on the role cybersecurity needs to play when a firm is in acquisition mode, along with the damage that even one slip up by an employee can have on the entire company. Marriott has not disclosed exactly…
A phishing campaign targeting the Korean peninsula is using a malicious dropper called CARROTBAT to deliver decoy documents and secondary payloads such as remote access trojans to its victims. Dubbed Fractured Block, the campaign began last March, but has noticeably picked up steam in the last three months, according to a blog post by Josh…
The U.S. midterm election has passed without any disruptive cybersecurity incidents, but researchers at Bitdefender found some evidence of influence campaigns appearing and cybercriminals using election keywords for money-making scams. Bitdefender found four areas of concern. On the political side, it came across typosquatted domains registered by hackers to spread misinformation, particularly in Texas, or…
When it comes to banking trojans Brazil is not only a leading manufacturer, but most often its residents bear the brunt of these attacks, however, Cybereason has found the same malware normally used to attack this South American country has spread worldwide. The malware was found by Cybereason is being used against banks in more…
After taking home a Soul Train Award Toronto rapper Drake may be looking to change his Fortnite account password after someone hijacked his account to spew racial slurs during a charity livestream event. Livestreamer Tyler “Ninja” Blevins was streaming for The Ellen Fund, a wildlife conservation fund created by Ellen host Ellen DeGeneres, when he received an invite…
