Credential harvesting is a technique that hackers use to gain unauthorized access to legitimate credentials using a variety of strategies, tactics, and techniques such as phishing and DNS poisoning. Phishing is the most frequent type of cyber threat and can lead to more harmful attacks such as ransomware and credential harvesting. According to recent research, phishing assaults targeted credential harvesting in 71.5% of cases in 2020.

The entire cybersecurity realm is buzzing over zero-day vulnerabilities and SQL injection attacks owing to the MOVEit Transfer MFT breach. In case you missed it, here’s the back story, timeline of events, and latest updates. On May 31, 2023, Progress Software rolled out security patches for the recently discovered SQL injection vulnerability in their file sharing application, MOVEit Transfer.

In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals. Given the large sums of money and highly sensitive information that is handled, it's no question as to why UK law firms would be an attractive target for threat actors.

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000.

Cybercriminals are using AI to carry out various cyberattacks including password cracking, phishing emails, impersonation and deepfakes. It’s important you understand how cybercriminals are using AI to their advantage so you can better protect yourself and family, as well as your accounts and data. Continue reading to learn about AI-enabled cyberattacks and what you can do to keep yourself safe.

If you read the news, you’ve encountered the term “Magecart” multiple times in recent years. The term refers to several hacker organizations that use online skimming methods to steal personal information from websites, most frequently customer information and credit card details on websites that take online payments.

The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack. We’ve all heard of a “Man-in-the-Middle” (MitM) attack – also more recently called a “Manipulator-in-the-Middle” attack.

Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials. Credential harvesting scams are pretty simple at face value: send an email that links to a spoofed login page/website, and let the credentials roll on in.

Last week, a vulnerability in the popular MOVEit managed file transfer service was exploited by the CL0P ransomware gang to execute data breaches – an increasingly common cybersecurity attack technique where popular software is exploited to target, by extension, their users. Victims of this hack include British Airways, Boots, BBC, and multiple US government agencies.

Killnet is an advanced persistent threat (APT) group based in Russia that has been active since at least 2015. The group is notorious for its highly sophisticated and persistent attacks on a diverse range of industries, including state and local governments, telecommunications, and defense. Killnet has been linked to several high-profile attacks, including the 2016 hack of the Democratic National Committee (DNC) during the U.S. presidential election.

Last week the British Airways, Boots and the BBC all suffered cyber attacks of varying levels. The three businesses have been hit with an ultimatum to begin ransom negotiations from a cybercrime group after employees personal data was stolen in a hacking attack. It emerged on Wednesday the gang behind a piece of ransomware known as Clop had posted it onto their dark net site.

To identify malicious packages and protect yourself against them, you need to know what to look for. Here’s a simple guide. In January 2022, users of the popular open-source libraries “faker” and “colors” suddenly found their applications started to malfunction and display nonsensical data because they had been infected by a malicious package.

As government-sponsored and widespread vulnerability attacks continue to result in larger damages, cyber insurers are looking for opportunities to still meet demand without incurring risk. It may come as a surprise, but cyber insurers aren’t in the business of issuing (and covering) cyber insurance policies; they’re in the business of staying in business. And that means identifying and reducing the highest sources of risk where the insurer will lose through paying on claims.

New data puts the spotlight on the human factor in U.K. cyber attacks, where users continue to be susceptible to social engineering, creating the so-called “Human Risk.” Here at KnowBe4, we’re obviously big believers in the fact that users are a source of risk when it comes to organizational security. Cybersecurity vendor SoSafe’s Human Risk Review 2023 report provides some independent perspective on this very problem. According to the report, one out of two U.K.

The Wall Street Journal today revealed that North Korea's hacker army managed to steal a huge amount of cryptocurrency amounting to $3 billion to finance their nuclear program. US officials have confirmed this news. These hackers have a highly sophisticated method of operating. A specific example of their actions involved using a fake job offer to trick a startup into losing over $600 million. By posing as potential employers, they social engineered someone who was hopeful for a better job.

A Denial of Service (DoS) attack will prevent your legitimate users from accessing your API. The attack could be physical, such as unplugging network cables, but a Distributed DoS is more prominent. It involves generating a volume of user requests from various machines to overwhelm your servers. DDoS attacks can result in a loss of $50,000 of revenue due to downtime and mitigation.

Artificial intelligence (AI) is transforming modern society at unprecedented speed. It can do your homework, help you make better investment decisions, turn your selfie into a Renaissance painting or write code on your behalf. While ChatGPT and other generative AI tools can be powerful forces for good, they’ve also unleashed a tsunami of attacker innovation and concerns are mounting quickly.

Contrary to stereotype, today’s cyberattacks aren’t limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor.

On June 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the recent efforts of threat actors to disseminate CL0P ransomware. The various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the threat actors are listed in US-CERT Alert (AA23-158A) – CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.

NOTE: The MOVEit Transfer vulnerability remains under active exploitation, and Kroll experts are investigating. Expect frequent updates to the Kroll Cyber Risk blog as our team uncovers more details. On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362).

MiTM or Man-in-the-middle attack is one of the most common cyberattacks that online users must be aware of. Anyone who’s actively connected to the internet for both work and entertainment purposes is at risk of being a victim of a MiTM attack. Fortunately, you can prevent the above from happening. This blog is here to help. Below, we’ll discuss MiTM attacks, their types, how they work, and how to prevent becoming a victim.

Enhancements to network security within organizations have made it harder for threat actors to penetrate networks and systems. As a result, people have become the primary target for cyberattacks, with email providing the most effective mechanism for launching these attacks. This leads to all employees within an organization being frequently targeted by phishing attacks.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In an era where digital technology increasingly underpins food production and distribution, the urgency of cybersecurity in agriculture has heightened.

Dark Pink (also known as Saaiwc Group) is an advanced threat actor that has been operating since mid-2021, mainly in the Asia-Pacific region and to a lesser extent in Europe, leveraging a range of sophisticated custom tools within a sophisticated kill chain relying on spear-phishing emails. The group has been quite active since 2021, attacking at least 13 organizations in Vietnam, Bosnia and Herzegovina, Cambodia, Indonesia, Malaysia, Philippines, Belgium, Thailand, and Brunei.

Traveling abroad, whether for business or leisure, brings plenty of tangible benefits to individuals and organizations. Coupled with the convenience of innovative technology at our fingertips, business professionals can achieve a lot if they spend much of their time on foreign shores. However, despite this digital evolution, traveling abroad can present numerous risks to your data and systems.

A pretexting attack is a type of social engineering attack where the threat actor persuades their target into revealing sensitive information or sending them money by making up a story, hence the word “pretext.” Pretexting attacks can come in many different forms including a phone call, text message, email or even in person.

Read also: Jimbos Protocol hacked for $7.5M, nearly 9 million dental patients impacted in a ransomware attack, and more.