Original research from CybelAngel takes a look at how cybercriminals plan healthcare-related fraud, ransomware and other attacks by obtaining stolen credentials, leaked database files and other materials from specialized sources in the cybercrime underground.
The Cybersecurity and Infrastructure Security Agency (CISA) and AVANGRID, a sustainable energy company providing services in 24 states, conducted a virtual tabletop exercise to test and identify the safety procedures AVANGRID has implemented since the beginning of the COVID-19 pandemic and identify additional procedures necessary to ensure employee safety operations and business continuity in the out years.
Two large phishing attacks, aimed at a combined 10,000 victims, spoofed emails from FedEx and DHL Express in an attempt to steal their targets' business email account credentials.
Local governments, including counties and municipalities, face unique cybersecurity challenges that can too easily disrupt the delivery of mission-critical services. With continuous threats of ransomware and other malicious attacks to derail day-to-day municipality function, like water infrastructure, waste management and more, the security of these entities is of top national priority. Here, we talk to Mike Hamilton, CISO for government cybersecurity firm, CI Security, about the biggest threats to the U.S. critical infrastructure.
New Lookout Threat Report: 70% of government-focused mobile phishing attacks sought to steal credentials in 2020.
February 24, 2021
Lookout Inc. released its Government Threat Report, which examines the most prominent mobile threats affecting federal, state and local governments in the United States. Lookout data reveals that U.S. government organizations are increasingly targeted by credential stealing mobile attacks and exposed to hundreds of vulnerabilities from outdated operating systems and risky apps.
Companies with cloud-first strategies are growing in number as the benefits of cloud have become more apparent and appetizing in the fallout of the COVID-19 pandemic. However, simply having a cloud-first strategy doesn’t guarantee success in the cloud, cost savings and increased agility. Similarly, security remains a pervasive threat if a process for mitigation is not built into the very foundation of your cloud strategy.
There are numerous solutions organizations can implement to mitigate risks associated with employee use of corporate connected devices in the execution of personal business. In this article, we will delve a bit deeper to explain the pros and cons of implementing a few of the more common solutions. It is important to note, that regardless of the solution, an effective awareness and training program for employees is the number one most effective safeguard for your organization.
As pharmaceutical companies and healthcare organizations turn their attention from the development to the deployment of coronavirus vaccines, well-resourced cybercriminals are hotly following suit. The vaccine supply chain is rife with logistical complexities making the enormously valuable data on the various vaccines deeply attractive to threat actors. In fact, cybercriminals are already attempting to steal vaccine formulas and disrupt operations.
Audio-based social app Clubhouse has allegedly suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service. The app, which launched in March 2020, has quickly gained popularity, raising $100 million in funding in January.
Digital Shadows highlighted the growing role of Initial Access Brokers within the criminal ecosystem within its Initial Access Brokers Report. Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups.
RSS
