Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.
The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.
Left unsaid in Fat Face's "strictly private and confidential" data breach notification to affected customers this week was any indication that the fashion clothing retailer had paid a reported $2 million ransom to the Conti gang to unlock its systems. Fat Face has now confirmed the ransomware hit.
The FBI and the U.S. Department of Homeland Security have issued a warning about Mamba ransomware that uses a weaponized version of the legitimate, open-source encryption software DiskCryptor to lock victims out of their systems.
Criminals operating online continue to tap ransomware in their pursuit of an illicit payday. That was the cybercrime reality throughout 2020, and unfortunately it still appears to be holding true in the first months of this year, the Cisco Talos Incident Response team reports.
The Cybersecurity and Infrastructure Security Agency will soon use its new subpoena powers authorized under the 2021 National Defense Authorization Act to help in the battle against ransomware attacks and other cyberthreats, says Brandon Wales, the acting agency director.
To help strengthen the healthcare sector's defenses, the Center for Internet Security is offering all U.S. hospitals and healthcare delivery systems a free protection service designed to help block ransomware and other malware, says Ed Mattison, the center's executive vice president.
Fresh ransomware targeting an unpatched Microsoft Exchange email server flaw appears to have been rushed to market by criminals trying to capitalize on new opportunities before the competition stepped in, resulting in relatively shoddy attack code, security firm Sophos reports.
Microsoft has released an interim mitigation tool designed to help smaller organizations take quick action to prevent attacks that exploit the unpatched ProxyLogon flaw in on-premises Microsoft Exchange servers.
Prolific Ryuk ransomware has a new trick up its sleeve. "A Ryuk sample with worm-like capabilities - allowing it to spread automatically within networks it infects" was recently discovered during an incident response effort, warns CERT-FR, the French government's computer emergency response team.