Security Experts:

Cybercrime
long dotted

NEWS & INDUSTRY UPDATES

The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. [Read More]
VMWare fixes a serious URL-handling vulnerability in the Carbon Black administrative interface and warns of authentication bypass and potential code execution risks. [Read More]
The University of California is warning its students and staff that a ransomware group might have stolen and published their personal data and that of hundreds of other schools, government agencies and companies nationwide. [Read More]
A third-party audit financed by the New York Times discovers a high-risk vulnerability but overall gives Securedrop Workstation a positive security bill of health. [Read More]
Adversaries have intensified the targeting of manufacturing and energy sectors in 2020, while decreasing focus on retail and telecommunications. [Read More]
The computer system of one of the nation’s largest school districts was hacked by a criminal gang that encrypted district data and demanded $40 million in ransom. [Read More]
The U.S. Department of Homeland Security's CISA is directing federal agencies to scan their Microsoft Exchange environments for four weeks and report if they find any compromised servers. [Read More]
Researchers warns that tens of thousands of QNAP SOHO NAS devices potentially impacted by unpatched remote code execution flaws. [Read More]
The U.S. Department of Justice this week announced official charges against Wyatt A. Travnichek, a Kansas man accused of accessing and tampering with a public water system. [Read More]
The administrator of DeepDotWeb website admitted to receiving kickback payments for advertising links to various Dark Web sites. [Read More]

FEATURES, INSIGHTS // Cybercrime

rss icon

Idan Aharoni's picture
With law enforcement’s ability to adapt, showing consistent results despite cybercriminals’ adoption of new technologies, as well as the increase in awareness of cyber attacks, there’s still a room for optimism – not only for the next year, but also for the next decade.
Joshua Goldfarb's picture
Facts, data, and evidence are extremely important to properly detecting, preventing, and investigating both security incidents and fraud incidents.
Joshua Goldfarb's picture
Playing whack-a-mole with malicious code infections, phishing sites, and compromised credentials won’t help an enterprise reduce losses due to fraud.
Idan Aharoni's picture
Speak with security professionals who are involved in monitoring the Dark Web and you will probably end up getting varied responses as to what it is and what it is comprised of.
Torsten George's picture
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.
Torsten George's picture
Ransomware is just one of many tactics, techniques, and procedures (TTPs) that threat actors are using to attack organizations by compromising remote user devices.
Idan Aharoni's picture
Many organizations are steadfast in their belief that dark web monitoring is a critical part of their security operations and the security industry is happy to fuel that belief.
Alastair Paterson's picture
Researchers have undertaken a deep dive into the shadowy, cyber world of those whose work involves abusing others online through trickery, extortion, fraud, and theft resulting from COVID-19.
Justin Fier's picture
CISA has recently designated many cyber security positions ‘essential roles', and our understanding of essential businesses and essential employees will continue to change as the pandemic evolves.
Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.