Collaborate Disseminate
To protect their users from spam and phishing attacks, security professionals should adopt a basic, layered approach to email security.
The post Protecting Against Spam and Phishing Attacks With a Layered Approach to Email Security appeared first on Security Intelligence.
Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file.
Continue reading Locky Ransomware Variant Slips Past Some Defenses
Security leaders must defend sensitive enterprise information from both external actors and negligent insiders who might accidentally cause a data breach.
The post Outsider or Insider: Who Will Cause Today’s Data Breach? appeared first on Security Intelligence.
Continue reading Outsider or Insider: Who Will Cause Today’s Data Breach?
A recent barrage of well-crafted phishing emails aimed at employees at U.S. energy companies, including one nuclear facility, is tied to a years-long international campaign to steal user credentials and gather intelligence from the world’s largest energy firms. The New York Times and Bloomberg reported Thursday that the FBI and Department of Homeland Security had recently warned several U.S. energy companies about the threat of hackers attempting to break into their networks by using specially tailored spearphishing emails and watering hole-style attacks. John Hultquist, who leads U.S. cybersecurity firm FireEye’s cyberespionage analysis division, said that he’s been independently tracking this same operation and that FireEye customers were warned about it roughly five weeks ago. “We’ve tied this recent operation to a campaign that started all the way back in 2015, which extends beyond the U.S., and has targeted companies in the Middle East and Western Europe … specifically in Turkey […]
The post Spearphishing attacks on energy firms tied to years-long global hacking operation appeared first on Cyberscoop.
Continue reading Spearphishing attacks on energy firms tied to years-long global hacking operation
Although a recently leaked intelligence report suggested that Russian spies attempted to hack into at least one election software vendor, many of the industry’s top companies say they aren’t threatened by spear phishing emails. Prominent election software companies say that phishing emails do not present a pressing problem, even though a classified intelligence report recently published by The Intercept indicated that Russian military intelligence had previously targeted one such company. The report says Russia’s attempt to influence the U.S. voting process may have been more expansive, and revealed attempts to place malware on the computers of local government officials. Of 16 U.S. election software companies contacted by CyberScoop, four said that they had not received any phishing emails between August 2016 and June 2017, including Free & Fair, ClearBallot, Scytl and BPro Inc. Others, like Everyone Counts, reported receiving phishing emails but stressed the sufficiency of the security systems currently in place […]
The post U.S. election software companies aren’t that worried about phishing emails appeared first on Cyberscoop.
Continue reading U.S. election software companies aren’t that worried about phishing emails
To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.
The post Relying on Data to Mitigate the Risk of WordPress Website Hijacking appeared first on Security Intelligence.
Continue reading Relying on Data to Mitigate the Risk of WordPress Website Hijacking
In late 2015, former Director of National Intelligence James Clapper famously warned of a future where adversaries will often “change or manipulate electronic information in order to compromise its integrity” rather than simply steal data. Since then, the world has watched the Kremlin carry out Clapper’s prediction, interfering in democratic processes around the world. A new report released Thursday, authored by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, shows how Russia has made Clapper’s prediction a reality. The research gives a new view on how hackers with suspected ties to the Russian government play a vital part in international disinformation campaigns aimed to discredit enemies of the state and sow discord. The report, “Tainted Leaks: Disinformation and Phishing With a Russian Nexus,” underscores how offensive cybersecurity operations have become a critical tool used by governments to weaponize information and affect public opinion. Hackers acting in […]
The post How phishing emails sent by Russian hackers produce propaganda appeared first on Cyberscoop.
Continue reading How phishing emails sent by Russian hackers produce propaganda
Hackers working for the Russian government sent a barrage of targeted phishing emails between 2014 and 2016 to employees of major news outlets, and they focused particularly on Al Jazeera in the days before and shortly following the U.S. presidential election, according to new research by cybersecurity firm Trend Micro. It’s unclear exactly why the elite team of hackers — known as APT-28, Fancy Bear or Pawn Storm — focused so heavily on the Qatar-based, state-funded global broadcaster during that short window. Like other news agencies targeted over the longer two-year span, including the New York Times and Buzzfeed, the award-winning outlet covered the election in detail and dedicated a section of its website to election-night coverage. Trend Micro’s Forward-looking Threat Research, or FTR, team said staff at Al Jazeera were repeatedly sent phishing emails with deceptive links, including “account-aljazeera.net” and “sset-aljazeera.net.” The subject line for some emails sent by the hacking […]
The post Russian hackers heavily targeted news outlet in days before U.S. election, researchers say appeared first on Cyberscoop.
Nearly 9,000 computer servers based in southeast Asia are infected with or currently dispensing malware, according to a newly unveiled Interpol-led operation heavily supported by multiple private sector cybersecurity firms and domestic law enforcement agencies. Hundreds of compromised websites popularly used in Southeast Asia — including regional government portals — also were identified as under the control of hackers, Interpol announced Monday. The news underscores an increasingly international effort between national law enforcement agencies and the broader digital defense industry to collaborate on cybercrime fighting operations. An assistant attorney general for the Justice Department’s Criminal Division, Leslie Caldwell, said last year that the FBI would need to rely on foreign help to stop hackers in the future. “Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day to day activity […]
The post Interpol identifies 9,000 computers in Asia owned by hackers, used to launch ransomware appeared first on Cyberscoop.
With new cognitive enhancements, IBM Trusteer Rapport can help financial institutions protect their customers from phishing attacks.
The post Phishing Attacks Collect 70 Percent of Credentials Within the First Hour appeared first on Security Intelligence.
Continue reading Phishing Attacks Collect 70 Percent of Credentials Within the First Hour