Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware – suggesting that it might be written by a new group of cybercriminals.

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather throw a brick through a window or use a key to the front door? What is the MITRE ATT&CK™ Framework? - YouTube An error occurred. Try watching this video on www.youtube.com, or enable JavaScript if it is disabled in your browser.

Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses. AWS Project owners need to take extra precautions by following some platform-specific advice. Amazon is constantly working on adding new features and implementing new changes in its current offering, as well.

The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed attack emails by the middle of April. How can we then be surprised by ZDNet’s reporting that the number of digital crime reports received by the FBI had quadrupled in number, with many of these disclosed attacks featuring COVID-19 as a theme?

According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting businesses in the UK could have been prevented by the implementation of some basic security controls. To help organizations adopt good practices in information security, the UK government released a government-endorsed certification scheme called Cyber Essentials in 2014.

In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst series, we’ll cover the unique benefits a CTI analyst brings to an organization by enhancing.

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data.

We find ourselves in strange times. In response to the ongoing coronavirus epidemic, organizations have swiftly closed their offices and mandated that all employees begin working from home. This development has created security challenges with which many organizations are still grappling.

Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had received 20,334 consumer reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Those attacks that proved successful had caused their victims more than $15 million in damages at the time of writing. Unfortunately, both of those figures are likely to grow as time goes on.

Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with industry best practice and recognized security frameworks adds a small amount of clarity to this challenge.