Data Breaches

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based…

Read More

Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available. Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now. The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and…

Read More

Judicial and law enforcement authorities in Europe, Australia, the US, Ukraine, and Canada took down a so-called spoofing website that allowed fraudsters to impersonate trusted corporations or contacts in order to steal more than $120 million from victims. In a coordinated action led by the UK and supported by Europol and EU judicial cooperation agency Eurojust, a total of 142 suspects were arrested, including the main administrator of the website, according to a statement posted…

Read More

The Council of the European Union (EU) has adopted a new cybersecurity directive designed to improve resilience and incident response capacities across the EU, replacing NIS, the current directive on the security of network and information systems. The new directive, NIS2, will set the baseline for cybersecurity risk management measures and reporting obligations across sectors and aims to harmonize cybersecurity requirements and implementation of measures in different member states. NIS2 enhances EU incident management cooperation…

Read More

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by handle “Palm Yunn.” On the hacking community forum,…

Read More

Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals. Living off the land is a common tactic The abuse by attackers of system administration, forensic, or…

Read More

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To helps organizations compare their needs against the options in the market, CSO prepared a list with the top seven vendors in the market. To decide for the right CIAM product, organizations must balance the ease of the login experience with a kaleidoscope of business…

Read More

Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new way to make profits, according to a report by Group-IB.  The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model. Info stealer malware collects users’ credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers,…

Read More