Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. READ MORE...
An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today. Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide. READ MORE...
The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. FIN7 (aka 'Carbanak') has been involved in cyberattacks and money-stealing campaigns since 2015 when they first appeared in the cybercrime space, including infecting ATMs with MITM-enabling malware. As ransomware has become a profitable field for cybercriminals, and having previous experience with fake front companies like "Combi Security", the group set up a new firm to lure legitimate IT specialists. READ MORE...
Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the past couple of years. Cryptocurrency scams and account takeovers themselves aren't a rarity, look no further than last fall's Twitter hack for an example of that chaos at scale. READ MORE...
Security leaders are adjusting their technology "musts" to prioritize endpoint security, data protection, and remote access. Interest in these technologies appears to be driven by new security threats and the fact that many organizations are embracing a hybrid workforce. Security and IT teams are interested in a multilayered approach data and are working with both technologies for preventing and blocking attacks, as well as techsfor detecting and responding to breaches post-incident. READ MORE...
For the third time in a month Google has issued an update to patch for several security issues. This time the update patches 19 vulnerabilities, of which 5 are classified as "high" risk vulnerabilities. In an update announcement for Chrome 95.0.4638.54, Google specifies the 16 vulnerabilities that were found by external researchers. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. READ MORE...