Google Translate Helps BEC Groups Scam Companies in Any Language

BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.

Dark Web Revenue Down Dramatically After Hydra's Demise

Competitor markets working to replace Hydra's money-laundering services for cybercriminals.

Crypto Drainers Are Ready to Ransack Investor Wallets

Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.

10M JD Sports Customers' Info Exposed in Data Breach

UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.

Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.

T-Mobile Breached Again, This Time Exposing 37M Customers' Data

This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.

Compromised Zendesk Employee Credentials Lead to Breach

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

PayPal Breach Exposed PII of Nearly 35K Accounts

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

High-Value Targets: String of Aussie Telco Breaches Continues

Australian IT services provider Dialog has announced a breach, making it the third telecom company in the area compromised in less than a month.

Vice Society Publishes LA Public School Student Data, Psych Evals

After a flat refusal to pay the ransom, Los Angeles Unified School District's stolen data has been dumped on the Dark Web by a ransomware gang.

LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid.

Capital One Phish Showcases Growing Bank-Brand Targeting Trend

Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines, and take advantage.

XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data

Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.

Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.

Russia Planning Cyberattacks on Ukraine's Energy Grid

Ukraine military intelligence says Russia is planning cyberattacks on the country's energy sector, as well as against allies including Poland and the Baltic states.

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.

U-Haul Customer Contract Search Tool Compromised

Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

Holiday Inn Owner InterContinental Has a Breach Trend

After a high-profile 2017 breach and a Holiday Inn ransomware hit earlier this year, IHG confirms that its booking channels and applications have been disrupted in yet another cyberattack.

Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.

DEF CON 30: Hackers Come Home to Vibrant Community

After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first.

US Offers $10M Double-Reward for North Korea Cyberattacker Info

North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure.

Discord, Telegram Services Hijacked to Launch Array of Cyberattacks

Attackers are easily turning popular messaging apps and their associated services — like bots, cloud infrastructure, and CDNs — against users, researchers warn.

Google Chrome Zero-Day Weaponized to Spy on Journalists

Candiru attackers breached a news agency employee website to target journalists with DevilsTongue spyware, researchers say.

Marriott Data Breach Exposes PII, Credit Cards

The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.

OpenSea NFT Marketplace Faces Insider Hack

OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.

Exchange Servers Backdoored Globally by SessionManager

Malicious IIS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.

LockBit 3.0 Debuts With Ransomware Bug Bounty Program

LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.

RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex

After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.

Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead

Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties.

DeadBolt Ransomware Actively Targets QNAP NAS Devices — Again

The QNAP network-connected devices, used to store video surveillance footage, are a juicy target for attackers, experts warn.

Google: SBOMs Effective Only if They Map to Known Vulns

SBOMs should be connected with vulnerability databases to fulfill their promise of reducing risk, Google security team says.

RSAC Opens With Message of Transformation

Cybersecurity needs to shift its thinking ahead of the next disruption, RSA's CEO said during the opening 2022 conference keynote.

Ransomware's ROI Retreat Will Drive More BEC Attacks

Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned.

Communication Is Key to CISO Success

A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.

DeFi Is Getting Pummeled by Cybercriminals

Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

Black Hat Asia: Democracy's Survival Depends on Taming Technology

The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

Coca-Cola Investigates Data-Theft Claims After Ransomware Attack

The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.