Honeypots designed to track malicious internet activity have detected a surge in brute-force password login attempts against edge devices, and especially - but not exclusively - targeting equipment manufactured by Palo Alto Networks, Ivanti and SonicWall, said The Shadowserver Foundation.
Threat actors are using publicly exposed cryptographic keys - ASP.NET machine keys - to manipulate authentication tokens, decrypt protected information, and insert harmful code into susceptible web servers, creating opportunities for unauthorized control and long-term access.
This week: A hacker claims to have 20 million OpenAI logins, Sweden clears ship in Baltic cable damage, researchers find ways to bypass GitHub Copilot's protections, Netgear patches router flaws, undetectable Mac backdoor raises alarms, Spain nabs hacker, and Deloitte pays $5M for RIBridges breach.
Ransomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain researchers reporting that the sum total of known ransom payments to ransomware groups in 2024 plummeted by 35%.
In a drastic move to curb fraud along the Myanmar border, Thailand announced plans to cut power and telecommunications in border areas of Myanmar linked to scam operations. The move is aimed at crippling criminal syndicates running notorious call centers that orchestrate scams, financial fraud and human trafficking.
Community Health Center, which has a dozen primary care, dental and other clinics in Connecticut, is notifying nearly 1.1 million people - including pediatric patients and their parents and guardians - that their information was potentially stolen in a cyberattack detected earlier this month.
Operators of cybercrime forums had a bad day on Thursday after European and U.S. law enforcement announced server seizures and arrests. The websites of the Nulled, Cracked and HeartSender markets no longer work. They served millions of users.
This week, researchers spied Palo Alto firewall flaws, a North Korean IT worker conspiracy, ChatGPT as DDoS vector. Chinese hackers targeted a VPN maker, a fake PyPI package and a Russian threat actor shifted tactics. BreachForums' admin faces prison, and scammers used the release of Ross Ulbricht.
Under the Trump administration, the proposed update to the HIPAA Security Rule - issued in the final weeks of the Biden administration - is likely to get trimmed but not totally cut, predicts regulatory attorney Sharon Klein of the law firm Blank Rome. What else should the health sector expect?
On his second day in office, U.S. President Donald Trump pardoned Ross Ulbricht, founder of Silk Road, an online marketplace tied to over $200 million in illegal bitcoin transactions. Ulbricht has been in federal prison since 2015, sentenced to life with no possibility of parole.
This week, Microsoft laid off security staff and released Patch Tuesday, Russian hackers intensified attacks on Ukraine in 2024, Telefónica confirmed a breach, a Tennessee mortgage leader reported a breach and the Texas AG sued Allstate over driver data collection.
A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS's server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.
AI-powered phishing attacks are on the rise. At the same time, our growing digital footprints provide cybercriminals with almost limitless information they can weaponize.
Join Erich Kron, Security Awareness Advocate at KnowBe4, and Jack Chapman, SVP of Threat Intelligence for Egress, as they discuss how...
A Florida-based behavioral health holding company has paid federal regulators a $337,750 HIPAA settlement for a 2018 incident involving the deletion of electronic protected health information pertaining to nearly 3,000 patients. How should other entities avoid these data loss situations?
This week, a Russian tanker linked to cable sabotage detained in Finland, a claimed Gravy Analytics breach exposed location data, a Mirai-based botnet exploited zero-day flaws, Dell updated framework flaws and a court sentenced a Florida woman for laundering millions in romance scams.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.