Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla. Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets.
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
FluBot attacks have commonly come in the form of text messages which claim the recipient has missed a delivery, asking them to click a link to install an app to organize a redelivery. This app installs the malware.
Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.
The topics of the meeting, President Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains.
The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates.
The new APT group is specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell.
Threat actors set up a page posing as the official CommerzBank page and registered multiple domains on the same IP address. Crooks used the fake website to spread fake CommerzBank apps.
In its notification to customers, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.
The CISA released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.
It’s the time of year when we need to remember and reinvigorate our efforts to achieve greater awareness of the threats and risks posed by the malicious cyber activity of sophisticated threat actors.
One of the newer techniques for BEC scams integrates spear phishing, custom webpages, and the complex cloud single sign-on ecosystem to trick users into unwittingly divulging their credentials.
Arctic Wolf, a managed cybersecurity company that offers a “security operations-as-a-concierge” service, has acquired Habitu8, a security training content platform for an undisclosed amount.
Three of the security flaws fixed today by QNAP are high severity stored cross-site scripting (XSS) vulnerabilities tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355.
Hackers easily take advantage of the fact that the attacks are evolving rapidly and are making use of third-party software as carriers, which is something that many organizations are not ready for.
CyberNews security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, are leaking user data due to Firebase misconfigurations.
Execs lack faith in government’s ability to protect them from cyber threats, with 60% of firms believing that spending on new security tools and services is the most effective way of stopping attacks.
Google pushed out an emergency Chrome update to fix two zero-days, the second pair this month, that are being exploited in the wild. A dozen such zero-days have been found in 2021.
Of the 4.6 million customers potentially affected, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” according to a news release.
While companies grapple with third-party cyber risk management, the weak points in their current mitigation strategies exacerbate the threat of cyber incidents, a Forrester Consulting survey reveals.