Capital One Phish Showcases Growing Bank-Brand Targeting Trend
Capital One lures leveraged the bank’s new partnership with Authentify, showing that phishers watch the headlines, and take advantage.
Cyber NewsEspionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange
APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.
Cyber NewsBrazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. “The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works,” Kaspersky researchers said. “This enables the […]
Cyber NewsWhy the US Should Help Secure Mexican Infrastructure — and What It Gets in Return
Call it cross-border enlightened self-interest: As one of the US’s premier trade partners and closest neighbors, what’s bad for Mexico is bad for the US.
Cyber NewsXSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data
Bugs in Canon Medical’s Virea View could allow cyberattackers to access several sources of sensitive patient data.
Cyber NewsWhy You Need a VPC
ACM.65 Yes, you need a VPC. This is a continuation of my series on Automating Cybersecurity Metrics. I used to say when I was a lead developer at Capital One that communication was the hardest part of my job. Writing the code was the easy part. Sometimes I think I explain things clearly and then people […]
Cyber NewsWhat Lurks in the Shadows of Cloud Security?
Organizations looking to get ahead in cloud security have gone down the path of deploying CSPM tooling with good results. Still, there’s a clear picture that data security and security operations are next key areas of interest.
Cyber NewsResearchers Uncover Covert Attack Campaign Targeting Military Contractors
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. “The attack was carried out
Cyber NewsFive Steps to Mitigate the Risk of Credential Exposure
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their […]
Cyber News