cybercriminals

Malware & Threats

Issued by: Security Week

The threat group, tracked until now by Mandiant as UNC1878, has been around since at least October 2018. The UNC classification is assigned to “uncategorized” entities before the cybersecurity firm can determine with certainty if it’s a financially-motivated group (FIN) or a state-sponsored advanced persistent threat actor (APT). The threat group, tracked until now by…

Malware & Threats

Issued by: Security Week

The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers. Two common attack methodologies have been phishing (where the pandemic has provided the opportunity to add two of the most compelling social engineering triggers:…

Malware & Threats

Issued by: Security Week

The attackers are a group that uses the BlackMatter ransomware and the victim is Fort Dodge, Iowa-based New Cooperative, which has 60 members and offers agronomy, grain, feed, energy, and software solutions. New Cooperative has confirmed that it’s dealing with a “cybersecurity incident” that has impacted some of its systems. The company says it has…

Vulnerabilities

Issued by: Security Week

WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals. On Thursday, WooCommerce said that on July 13 it received a report of a critical vulnerability in the plugin, urging users to update their installations as soon as possible, but without…

Software Security

Issued by: Dark Reading

One of the most common ways cybercriminals breach enterprises is by finding security vulnerabilities in the applications they use. The last year delivered a plethora of security challenges. Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure…

Malware & Threats

Issued by: Security Week

From Egregor to Doppelpaymer to Ryuk, it continues to command headlines. Pandemic-fueled phishing scams, the lack of visibility across remote endpoints, and lax attitudes have been a boon for ransomware groups over the last year. Worst of all, ransomware no longer discriminates. It dominates small towns and municipal offices, video game makers, and shamelessly, healthcare…

Application Security

Issued by: Security Week

The automated scam service has been named Classiscam by Group-IB and it’s meant to help cybercriminals steal money and payment data from unsuspecting victims, through the use of fake pages mimicking those of legitimate classifieds, marketplaces and delivery services. The Classiscam scheme is powered by Telegram chatbots, which generate a complete phishing kit, including courier…

Network Security

Issued by: Help Net Security

The year 2020 has given us a contentious U.S. election, a global economic crisis, and most notably a global pandemic. Disinformation has wreaked havoc in our ability to discern fact from truth, ransomware has been delivering ever more serious consequences, and insider leaks continue to validate privacy concerns despite increased adoption of privacy laws across…

Vulnerabilities

Issued by: Dark Reading

What was it like working cybersecurity this year? We know all the obvious answers: The pandemic forced just about everyone to work from home, security teams had to scramble to protect disparate networks and home setups, and cybercriminals made life miserable by taking advantage of the chaos. But with 2020 a few days shy of…

Vulnerabilities

Issued by: Help Net Security

The COVID-19 pandemic has had a profound impact on education, bringing about a sudden boom in remote and online learning. While the transition has forced many schools to implement innovative solutions, it has also revealed stark vulnerabilities in their cybersecurity strategies, which is especially concerning given that schools have become a new target for cyber…