Cybercriminals in Brazil have capitalized on older vulnerabilities in D-Link routers for financially motivated phishing attacks. The attackers changed DNS settings to use their own malicious DNS server, allowing for seamless shifts to phishing sites.
The chief security officer for the U.S. Democratic Party is recommending that all party officials avoid using mobile devices made by Chinese manufacturers ZTE and Huawei. Bob Lord says that even if devices from those manufacturers are free or low cost, no one wants to be the next "patient zero."
Two cybersecurity veterans detail the specific steps the Trump administration must take now if it has any hope of safeguarding the U.S. midterm elections in November against Russian interference, whether via hack attacks or social media and propaganda campaigns.
A large Midwestern health network says a successful phishing campaign exposed a raft of personal and medical data stored in its email systems. The count of affected victims numbers 1.4 million, although investigators believe stealing personal data was not the attackers' goal.
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.
Numerous technology firms now offer facial biometrics recognition search tools for big data sets. But information security expert Alan Woodward warns that these big data sets must be "considered and regulated very heavily" or else we'll be "living in 1984 without knowing it."
Many phishing campaigns are very targeted against specific types of users inside an organization, says Ironscale's Brendon Rod, who notes that "70 percent of attacks are targeting just 10 mailboxes or less and around 30 percent are just targeting one mailbox."
Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.
RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence. The report also shows a continuing surge in mobile app fraud.
A group of cybercriminals known for their persistence and precision in executing attacks against banks' ATMs and card processing infrastructures has regrouped despite the arrest of their alleged leader.
Calling Grant West "a one man cybercrime wave," a British judge sentenced him to serve more than 10 years in prison after he admitted to hacking into businesses, spoofing 100 organizations via phishing campaigns and earning profits in bitcoins from the sale of stolen personal details.
File-less malware is a huge security challenge for organizations today, and traditional email security controls aren't sufficient to meet the challenge. Burke Long of Lastline offers insight on a new way to approach email security.