The US Consumer Financial Protection Bureau reportedly plans to release new guidance requiring banks to reimburse consumers for certain money-transfer service scams. Ken Palla, former director at Union Bank, says banks might look to the U.K. for examples of how to stop authorized push payment fraud.
Premint NFT platform users became victims last weejend of one of the biggest NFT attacks ever. The company says an open-source vulnerability led to the compromise of its website, resulting in its users losing about $500,000 worth of blockchain assets.
The cybercriminals behind BlackCat ransomware have upgraded their arsenal by adding Brute Ratel, a pen-testing tool with remote access features that are used by attackers. The group targets large corporations in different industry segments across the U.S., Europe and Asia.
Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes. From there, they emailed corporate vendors to obtain financial data.
Thieves behind a phishing campaign targeting investors into a cryptocurrency exchange got away with at least $8 million. The attack took advantage of human credibility, not a cybersecurity exploit in the Uniswap protocol, experts say. The stolen funds are being laundered in a cryptocurrency mixer.
The government of Puerto Rico announced an investment of $7.6 million toward strengthening cybersecurity on the island. The island has undergone a string a embarrassing cybersecurity incidents, including a phishing incident that stole $2.6 million of taxpayer dollars.
The past few years have shown us a tremendous shift in BEC attacks, which changed its strategies from Executive Impersonation to opting to impersonate third party vendors and suppliers instead. This shift has given the threat actors a plethora of additional trusted identities to exploit.
This Threat Intelligence...
Hotel chain Marriott International Inc. confirmed reports of a data breach and attempted extortion incident. Unknown hackers claim to have stolen 20 gigabytes worth of data but the hospitality giant tells ISMG only one system was compromised and no critical business or customer data was exposed.
The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.
Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.
For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.
"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.
Abnormal Security is out with new financial crimes research, and it
shows that traditional business email compromise is evolving into
new forms of financial supply chain compromise. Crane Hassold
shares insights on the crimes and how best to detect, deter and
respond to them.
In a video interview with Information...
A new Android malware that can steal financial data, credentials, crypto wallets, personal data and cookies; bypass multifactor authentication codes; and remotely control infected devices is targeting online banking customers and financial institutions, cybersecurity researchers at F5 Labs say.
Phishing is no longer restricted to just emails. As attackers broaden their arsenal, businesses today also need to be on the lookout for impersonation attempts via SMS text messages or voice calls, says Roger Grimes, a data-driven defense evangelist at KnowBe4.