The Sophos 2020 Threat Report is out, and among the key findings: Ransomware attackers continue to leverage automated active attacks that can evade security controls and disable backups to do maximum damage in minimal time. John Shier of Sophos analyzes the trends that are most likely to shape the 2020 cybersecurity...
Many ransomware-wielding attackers continue to hack into organizations via remote desktop protocol. But some Sodinokibi ransomware-as-a-service affiliates have shifted instead to targeting victims via botnets, saying hackers' use of RDP exploits has grown too common.
So far, Norweigan aluminum company Norsk Hydro has received just $3.6 million from its cyber insurer to cover expenses related to the LockerGoga ransomware attack it suffered in March that led to losses of $50 million to $71 million, the company revealed in its third quarter report.
The Chinese advanced threat group APT41 is using a new espionage tool to intercept SMS messages from specific phone numbers by infecting mobile telecommunication networks, according to the security firm FireEye Mandiant.
Using the largest repository of breached credentials in the world, SpyCloud has analyzed breach data tied to Fortune 1000 employees to understand what information is out there and how it can be used to commit fraud. In this video, SpyCloud Head of Product Strategy Chip Witt will walk through SpyCloud's analysis of...
Ransomware continues to be a highly profitable cybercrime. Ransomware incident response firm Coveware reports that for the third quarter of this year, the average ransom amount paid was $41,198, a six-fold increase from the same period last year, driven by strains such as Ryuk and Sodinokibi.
For Russian-speaking hackers, ransomware used to be taboo. But GandCrab killed all such ethical qualms, democratizing ransomware-as-a-service, paving the way for new profit-sharing schemes such as Sodinokibi and driving a new generation of attackers to master advanced hacking skills, a new report finds.
A trio of domain name registrars are mandating a password reset after a breach affecting about 22 million accounts occurred in late August. Web.com and two of its brands, Network Solutions and Register.com are contacting victims via email.
Senior government officials in at least 20 countries, including the U.S. and India, were targeted earlier this year with hacking software that used Facebook's WhatsApp to take over users' phones, Reuters reports, citing sources familiar with the messaging company's investigation.
Bulletproof proxies have taken the concepts of anonymity and availability and embedded them in automated bot attacks. How can organizations identify and stop these attacks? Ameya Talwalkar of Cequence Security shares insights.
The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
Cybercriminals are targeting users of Microsoft's Office365 subscription services with phishing campaigns that uses fake voicemail messages in an attempt to steal victims' credentials and other information, according to researchers at the security firm McAfee.
Two hackers have pleaded guilty in connection with an extortion campaign tied to the theft of data on about 57 million Uber customers and drivers. The incident led to a massive fine against the ride-sharing company for its tardy breach notification and weak security.
One major challenge with combating cybercrime in the 2020s and beyond appears destined to be attackers launching a greater number of "smaller-value crimes" so they can better stay "below the radar" of law enforcement, says the Global Cyber Alliance's Andy Bates.
It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities.