Threat from Organized Cybercrime Syndicates Is Rising

Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation. From encrypting communications to fencing ill-gotten gains on…

Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services. Costco has discovered a payment card skimming…

Mac Zero Day Targets Apple Devices in Hong Kong

Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites. Since at least late August, attackers have…

Back-to-Back PlayStation 5 Hacks Hit on the Same Day

Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices. A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking…

Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash

A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector. Russian-language group Void Balaur, also tracked under the…

Not Punny: Angling Direct Breach Cripples Retailer for Days  

A U.K. fishing retailer’s site has been hijacked and redirected to Pornhub. The U.K.’s largest fishing retailer, Angling Direct, experienced a system breach on Nov. 5 that resulted in their…

US Blacklists Pegasus Spyware Maker

NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime. NSO Group – the…

3 Guideposts for Building a Better Incident-Response Plan

Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR. The COVID-19 pandemic has highlighted the pressing need for security…

Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token

It’s a legitimate access token, stolen from a third-party contractor, that lets the attackers send phishing emails from kaspersky.com email addresses. A surge in spearphishing emails designed to steal Office…

All Sectors Are Now Prey as Cyber Threats Expand Targeting

Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It’s time for everyone to strengthen the kill chain. Ransomware doesn’t discriminate – today, every sector…