In the future, deepfake technology will have a significant impact on newer forms of authentication such as voice and facial recognition and pose new challenges to defenders, said Ofer Friedman, chief business development officer at AU10TIX, an Israel-headquartered identity verification company.
Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.
Mobile banking Trojans spread through deceptive social media messages remain a problem for Indian smartphone users, warns Microsoft. India accounts for 4 in 10 global transactions made with digital payments, according to the National Payments Corporation of India.
The chief operating officer of an Atlanta-based cybersecurity firm has pleaded guilty and agreed to pay restitution of more than $818,000 in a federal criminal case in which he admitted hacking a Georgia medical center in 2018 in an effort to drum up business for his company.
Security company CrowdStrike said it had observed Iranian hacker group Imperial Kitten, also known as TA456, Crimson Sandstorm and Tortoiseshell, conducting web compromise operations between 2022 and 2023 to infiltrate Israeli logistics, transportation and technology companies.
Security researchers say an Iranian state hacking group is likely using spearfishing and a legitimate content hosting service in a cyberespionage campaign targeted against Israel. The hacker group, tracked as MuddyWater, likely mounted a new campaign after the onset of the Israel-Hamas war.
Hospitals, clinics and doctor practices have long fallen victim to cyberattacks and breaches kicked off with phishing emails. But with the advent of AI-augmented phishing, the lures are more convincing and could lead to even more scams targeting healthcare organizations, federal authorities warned.
India federal law enforcement busted tech scam fraud rings operating in locations across the subcontinent after Microsoft and Amazon shared intelligence with the Central Bureau of Investigation. Scammers allegedly operated call centers impersonating tech giant customer support.
The FBI is warning plastic surgery practices and their patients of cybercriminals targeting their sensitive health information and medical photos for extortion schemes. The alert followed recent hacking incidents at several plastic surgery practices involving data theft.
Cybercriminals are disguising malware as phony browser updates on compromised websites. Fraudulent updates for Chrome, Firefox and Edge browsers are luring unsuspecting users into downloading malware that can steal data, take over devices or deploy ransomware.
Each year, financial scams cost banks up to $400 million in losses. Despite heavy investments in anti-fraud technology, banks are struggling to protect customers. Bank impersonation scams continue to be the most widely used approach for duping banking customers, said CEO of a stealth startup and the former senior...
A financially motivated hacking group turned cyberespionage operation targeted attendees of high-profile European conferences, including the Women Political Leaders Summit in Brussels. Threat actor Void Rabisu - also known as Tropical Scorpius and UNC2596 - has been honing its backdoor.
Hotel and casino giant MGM Resorts says the recent hack attack against it cost $110 million in lost revenue and mitigation expenses. The publicly traded company expects to recoup losses and costs to date via cyber insurance. MGM Resorts says that its investigation remains ongoing.
What do "bank transfer request.lnk" and "URGENT-Invoice-27-August.docx.lnk" have in common? Both are the names of malicious files being sent as part of a phishing campaign attributed to the Qakbot botnet group that has continued despite law enforcement disrupting Qakbot's operations in late August.
Researchers discovered an undocumented backdoor being used by the North Korean Lazarus Group to target a Spanish aerospace company. The attacker masqueraded as a Meta recruiter and tricked the victim into downloading and executing malicious files on a company device.