Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world.

Ransomware 103

Ransomware Cybercrime Malware Social Engineering 103

Security Affairs

DECEMBER 5, 2023

Microsoft’s Threat Intelligence is warning of Russia-linked cyber-espionage group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

Accountability 102

Accountability Government Phishing Authentication 102

Security Affairs

OCTOBER 26, 2023

As a result, we are now reasonably certain that there was a breach and that some information stored by our Company and/or our Group companies may have been compromised.” Threat actors gained access to the network of the company and stole some data from its systems. SII) were compromised.”

Data breaches 122

Data breaches Ransomware Cybersecurity Education 122

Identity IQ

FEBRUARY 8, 2024

How to Spot an Email Phishing Attempt at Work IdentityIQ In the modern workplace, technology is just as common as the typical morning cup of coffee. Alongside the benefits of a digitally connected office, however, is the ongoing threat of cyberattacks. What Is Phishing?

Phishing 98

Phishing Scams Education Firewall 98

Security Affairs

JUNE 11, 2023

Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations. Then the attacker sent out more than 16,000 emails to the target’s contacts as part of a second-stage phishing campaign.

Phishing 88

Phishing Banking Financial Services Authentication 88

Security Affairs

NOVEMBER 25, 2023

MagicLine4NX is a joint certificate program developed by Dream Security, a South Korean company. Users can integrate the software with various applications, such as web browsers, email clients, and file explorer programs. ” Threat actors leveraged the zero-day to target organizations worldwide, primarily South Korean entities.

Software 104

Software Authentication Internet Internet 104

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. It’s a trend that’s growing.

Phishing 87

Phishing Social Engineering Small Business B2B 87

The Last Watchdog

JANUARY 25, 2021

SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Related: Digital certificates destined to play key role in securing DX. 8, security vendor FireEye reported that it had been compromised by a state-sponsored adversary; then on Dec.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

FEBRUARY 8, 2021

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard.

System Administration 130

System Administration Hacking Cyber threats Accountability 130

The Last Watchdog

OCTOBER 5, 2023

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. Erin: So, let’s get started.

Cyber threats 203

Cyber threats Cyber Insurance Cybersecurity Threat Detection 203

Tech Republic Security

FEBRUARY 2, 2022

Ransomware remains the number one threat for most organisations. This report comprehensively examines the adversary’s ongoing innovation and evolution of tried-and-true TTPs like ransomware, business email compromise, zero-day threats, espionage, and more.

Threat Reports 79

Threat Reports Ransomware Government Software 79

Krebs on Security

APRIL 15, 2019

Earlier this month, KrebsOnSecurity heard independently from two trusted sources that Wipro — India’s third-largest IT outsourcing company — was dealing with a multi-month intrusion from an assumed state-sponsored attacker. That prompted an email on Apr. On April 9, KrebsOnSecurity reached out to Wipro for comment.

Insurance 265

Insurance Healthcare Cyber threats Technology 265

Security Affairs

AUGUST 18, 2023

A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials. ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. ” states the report published by ESET.

Phishing 81

Phishing Social Engineering Accountability Engineering 81

Identity IQ

DECEMBER 20, 2023

2023: A Year of Record-Breaking Data Breaches IdentityIQ This past year has been an eye-opening year in the realm of digital security. This has left victims scrambling to understand the extent of the damage and how to help protect themselves against the evolving threat of identity theft.

Data breaches 72

Data breaches Identity Theft Cybercrime Social Engineering 72

The Last Watchdog

AUGUST 29, 2022

Related: Damage caused by ‘business logic’ hacking. Password security may seem like a simple solution for a huge problem, but it may be difficult to successfully implement in practice. Consequently, sensitive data can become compromised, ending up in the wrong hands. Shifting exposures. 2009 DBIR page 17) .

Hacking 201

Hacking Passwords Password Management Data breaches 201

CyberSecurity Insiders

APRIL 7, 2021

Mobile Security became worse during the lock-down initiated by COVID-19 across the world says Verizon. The conclusion was made after analyzing the fact that businesses compromised on its security tools to support remote working practices to keep the business continuity intact.

Mobile 115

Mobile Backups Cyber threats Education 115

Malwarebytes

SEPTEMBER 7, 2023

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies.

Authentication 133

Authentication Accountability Government Passwords 133

Security Affairs

AUGUST 29, 2023

China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. In June, Mandiant researchers linked the threat actor UNC4841 to the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. reads the report published by Mandiant.

Government 102

Government Hacking Malware Accountability 102

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed.

Accountability 315

Accountability Passwords Authentication Password Management 315

CyberSecurity Insiders

APRIL 4, 2023

Social engineering – specifically malicious cyber campaigns delivered via email – remain the primary source of an organization’s vulnerability to attack. Popularised in the 1990s, email security has challenged cyber defenders for almost three decades. billion phishing e-mails get delivered every day.

Cyber Attacks 119

Cyber Attacks Social Engineering Scams Phishing 119

Krebs on Security

FEBRUARY 26, 2023

” “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the company stated in its SEC filing.

Hacking 268

Hacking Social Engineering Phishing Scams 268

Security Boulevard

APRIL 18, 2023

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Phishing 122

Phishing Social Engineering Education Retail 122

Security Affairs

MAY 24, 2023

Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were breached exploiting a zero-day vulnerability. “Barracuda identified a vulnerability ( [link] ) in our Email Security Gateway appliance (ESG) on May 19, 2023. Barracuda has also reached out to these specific customers.

Hacking 97

Hacking Network Security Cybersecurity Information Security 97

CyberSecurity Insiders

NOVEMBER 23, 2021

Those spreading ransomware felt that this is the best time to enter a corporate network and compromise it with ransomware as most of the employees will be less vigilant as they will be busy shopping for the best deals during this Thanksgiving 2021(November 25th,2021) and Black Friday 2021(November 26th,2021).

Cyber threats 120

Cyber threats Ransomware Passwords Accountability 120

Malwarebytes

MAY 9, 2022

Over 50 countries sign the “Declaration for the Future of the Internet” Watch out for these 3 small business cybersecurity mistakes. The post A week in security (May 2 – 8) appeared first on Malwarebytes Labs.

Small Business 84

Small Business Healthcare IoT Cryptocurrency 84

SecureWorld News

JANUARY 20, 2023

Popular email marketing service MailChimp recently fell victim to another data breach, this time caused by a successful social engineering attack on its employees and contractors. The incident was limited to 133 accounts, and there is no evidence that this compromise affected any other systems or customer data beyond these MailChimp accounts.

Social Engineering 87

Social Engineering Data breaches Engineering Accountability 87

The Last Watchdog

SEPTEMBER 7, 2022

From sharing emerging threat intelligence to developing new solutions and best practices to prevent and overcome attacks, it’s possible to reduce the impact of ransomware when it happens. The increase in remote workforces and difficulty enforcing security controls with expanding perimeters has played a role in the rise of ransomware.

Ransomware 124

Ransomware Education Financial Services Phishing 124

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 98

Data breaches Small Business Hacking Malware 98

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government 106

Government Telecommunications Accountability Phishing 106

Security Affairs

FEBRUARY 26, 2023

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. The attackers compromised one of the company systems and had access to the emails and documents of some employees.

Identity Theft 86

Identity Theft Data breaches Insurance Hacking 86

Security Affairs

JULY 13, 2023

Zimbra has released updates to address a zero-day vulnerability actively exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Zimbra urges customers to manually install updates to fix a zero-day vulnerability that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers.

Hacking 85

Hacking Backups Cyber threats Authentication 85

Malwarebytes

SEPTEMBER 15, 2023

The European Union Agency for Law Enforcement Cooperation (Europol), has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol’s operational analysts. Ransomware is named as the most prominent threat with a broad reach and a significant financial impact on industry.

Cybercrime 103

Cybercrime Ransomware DDOS Backups 103

CyberSecurity Insiders

AUGUST 12, 2021

Like how the 2019 developed Corona Virus threat mutated into the latest Delta variant, a malware that was developed by hackers from Pakistan has reportedly mutated into a new nefarious variant, say experts. Now, news is out that the same malware is being developed and spread through email phishing attacks.

Malware 145

Malware Government Banking Phishing 145

CyberSecurity Insiders

MAY 17, 2023

by J2 Software CEO John Mc Loughlin The threat landscape for businesses has evolved significantly in recent years, with cyberattacks becoming more sophisticated and frequent. Email remains the primary communication tool for businesses, but it also poses significant security risks.

Cyber Risk 59

Cyber Risk Risk Education Technology 59

Security Affairs

MAY 31, 2023

Recently disclosed zero-day flaw in Barracusa Email Security Gateway (ESG) appliances had been actively exploited by attackers since October 2022. Barracuda identified a vulnerability ( [link] ) in our Email Security Gateway appliance (ESG) on May 19, 2023. reads the advisory published by the security solutions provider.

Malware 90

Malware Hacking Network Security Cybersecurity 90

SecureWorld News

JUNE 13, 2023

Critical Start today released its biannual Cyber Intelligence Report, featuring the top threats observed in the first half of 2023 and emerging cybersecurity trends impacting the healthcare, financial services, and state and local government industries. The new Beep malware is top of mind for organizations and individuals.

Cyber threats 71

Cyber threats Malware Phishing Penetration Testing 71

Security Boulevard

FEBRUARY 20, 2022

Organizations are under constant threat of cybercrime. While there are many available attack vectors, email is the most obvious path towards a full network compromise. The post Email Security Trends Coming in 2022 appeared first on The State of Security.

Cybercrime 52

Cybercrime Phishing 52