Blog

Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation's Cloud Services

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety of corporate laptops and...

Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm's management team. And one of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data that can best pressure bosses into approving the...

Goodbye to Flash - if you're still running it, uninstall Flash Player now

It's time to say a final "Goodbye" to Flash. (Or should that be "Good riddance"?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from January 12 2021. In the company's own words it "strongly recommends all...

Aircraft maker Embraer admits hackers breached its systems and stole data

Embraer, a Brazilian manufacturer of aircraft, has disclosed that hackers managed to breach its computer systems, and steal data. Although Embraer may not be a household name, it is the world's third-largest producer of civil aircraft (after Boeing and Airbus), having delivered more than 8,000 aeroplanes to date. According to a press release issued by the firm, Embraer spotted it was being...

Suspected BEC scammers arrested in Nigeria following year-long Interpol investigation

Three men have been arrested in Nigeria, suspected of being members of an organised cybercrime gang that has targeted over 500,000 government agencies and private sector companies around the world. The group, dubbed TMT by threat researchers at Group-IB, is said to have engaged in attacks against businesses since at least 2017, tricking company employees into opening malware-laced emails posing as...

Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes

So, you're a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright red background (most ransomware seems to insist upon using a...

The North Face resets passwords after credential-stuffing attack

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts. In a data breach notification sent to...

Capcom hacked. Resident Evil game developer discloses cyber attack

Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems. The maker of such well-known video games as "Resident Evil" and "Street Fighter" disclosed in a short press release that in the early hours of Monday some of its networks "experienced issues" that affected access to email and file servers. In...

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a user attempts to log into a Loginizer...

Barnes & Noble warns customers it has been hacked, customer data may have been accessed

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday October 10th. Part of the email reads: "It is with the greatest...

Hackers disguise malware attack as new details on Donald Trump's COVID-19 illness

The confirmation that US President Donald Trump has been infected by the Coronavirus, and had to spend time this weekend in hospital, has - understandably - made headlines around the world. And there are plenty of people, on both sides of the political divide, who are interested in learning more about his health status. It's no surprise, therefore, to discover that cybercriminals are exploiting...

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn't made to cybercriminals. There's no magic wand that can make a ransomware attack simply disappear with no impact at all on an organisation, but you can lessen the problem by carefully following tried-and...

Instagram photo flaw could have helped malicious hackers spy via users' cameras and microphones

A critical vulnerability in Instagram's Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS...

Hackers pumped and dumped GAS cryptocurrency for $16.8 million, alleges US DOJ

US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. The men - Danil "Cronuswar" Potekhin, 25, and 35-year-old Dmitrii Karasavidi, of Voronezh and Moscow respectively - are said to be responsible for a phishing campaign that targeted customers of cryptocurrency exchanges between July 2017 until at least...

Cryptocurrency exchange Eterbase hacked, $5.4 million worth of funds stolen

European cryptocurrency exchange platform Eterbase has announced that it has suffered a security breach which saw malicious hackers access its network and steal funds worth US $5.4 million. In a message posted on Telegram, the Slovakian cryptocurrency exchange listed the six hot wallets plundered by cybercriminals for their Ether, Tezos, Bitcoin, ALGO, Ripple, and TRON riches. The majority of the...

Newly-discovered KryptoCibule malware has been stealing and mining cryptocurrency since 2018

Security researchers at Slovak security firm ESET have discovered a new family of malware that they say has been using a variety of techniques to steal cryptocurrency from unsuspecting users since at least December 2018. The malware, which has been named KryptoCibule, uses a variety of legitimate technology - including Tor and the Transmission torrent client - as part of its scheme to mine...

Politician Amongst Those Who Had Their Direct Messages Accessed During Twitter Hack

More information has emerged related to last week's attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam. Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site's internal support team. Those tools allowed attackers to reset passwords, login to...

The Twitter mega-hack. What you need to know

What the heck has happened on Twitter? Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers. What did the messages say? Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential candidate Kanye West and was distributed to his almost...

Cosmic Lynx: The Highly-Professional Cybercrime Gang Scamming Businesses Out of Millions of Dollars

Things just got serious. Business Email Compromise is no longer solely the province of chancers and opportunistic Nigerian actors such as the Yahoo Boys. Organised criminal gangs with a high level of professionalism have seen the opportunity and seized it. Security researchers at Agari have published a report detailing their investigations into a Russian cybercrime gang they say have stolen...

22,900 MongoDB Databases Held to Ransom by Hacker Threatening to Report Firms for GDPR Violations

Hackers are once again finding unsecured MongoDB databases carelessly left exposed on the internet, wiping their contents, and leaving a ransom note demanding a cryptocurrency payment for the data's safe return. As ZDNet reports, ransom notes have been left on almost 23,000 MongoDB databases that were left unprotected on the public internet without a password. Unsecured MongoDB databases being...