An Ohio parish was scammed out of $1.75 in a business email compromise (BEC) attack while the parish facilities were undergoing a $4 million renovation. Hackers gained access to two employee email accounts and used the accounts to convince other employees to wire funds to a fraudulent bank account.
The online checkout skimmer, Magecart, strikes again in a supply chain attack perpetrated by the hacker group, Mirrorthief.
The Verizon 2019 Data Breach Investigations Report (DBIR), released in May, analyzed 41,686 security incidents including 2,013 confirmed data breaches.
Makers of cloud-based accounting software, Wolters Kluwer CCH, recently confirmed a system outage reported in early May was the result of a malware attack.
Sophos security researchers have noted a spike attacks using the new ransomware family, MegaCortex. Researchers believe attackers are using Emotet and Qbot Trojans to deliver the MegaCortex ransomware, but have yet to make a direct correlation.
The FBI and U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on ELECTRICFISH, used by the North-Korean advanced persistent threat (APT) group Lazarus, to extract data from its victims.
Researchers at Advanced Intelligence (AdvIntel) revealed a collective of hackers are actively marketing the spoils of data breaches from three U.S.-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access for $300,000 on the dark web, showing strong evidence of the validity of its claims.
Hackers have been exploiting a critical vulnerability in Microsoft’s SharePoint collaboration platform to deliver malware.
Facebook has patched a critical zero-day vulnerability in its WhatsApp platform that had allowed hackers to remotely install spyware on phones by calling the targeted device. The malware is delivered and installed via a phone call through the app, regardless of whether the recipient answers or not. The vulnerability, tracked as CVE-2019-3568, has been described by Facebook as a “buffer overflow” in the WhatsApp VOIP stack, the code that allows for phone calls via the internet. The gap allowed an attacker to remotely execute arbitrary code by sending specially crafted Secure Real-time Transport Protocol (SRTCP) packets to the targeted phone number.
Researchers have identified a vulnerability in widely used Intel processors that attackers could exploit to steal private data from computers, servers, and cloud environments. Dubbed Zombieload, OS and microde patches are required to mitigate most of the risk and disabling hyperthreading on the CPU completely remediates it, but can impact the device’s performance by 9%.
Microsoft issued two separate warnings to windows users to patch security flaw CVE-2019-0708, also known as Bluekeep.
Since the EternalBlue exploit opened the door to the infamous WannaCry ransomware outbreak in 2017, attempts to use the exploit have only been growing in prevalence, with users receiving hundreds of thousands of attacks every day.
The anonymous hacker, SandboxEscaper released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting the Windows 10 operating system. marking the fifth publicly disclosed Windows zero-day exploit from the hacker in less than a year. The hacker also claims to be sitting on 4 more undisclosed zero days in Windows, three of which lead to local privilege escalation and the fourth lets attackers bypass sandbox security.
Users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, according to a phishing trends report released by the Anti-Phishing Working Group, the international coalition of government, law enforcement and businesses aimed at preventing the malicious email scams. SaaS and webmail became the biggest target in Q1, accounting for 36% of all phishing attacks, eclipsing the payment-services category for the first time.
First American Financial Corp., one of the largest providers of title insurance and settlement services for U.S. homebuyers suffered a data exposure, according to cybersecurity researcher, Brian Krebs.
How safe is your organization? Take the Cyber Risk Scorecard survey to assess your current cybersecurity standing and find additional steps your organization can take to protect against common cyber threats.
401(k) retirement plan data is a massive cyber breach waiting to happen, but who is actually responsible for keeping participant data safe? Join us for a Cybersecurity and your 401(k) plan webinar addressing your fiduciary obligations as a retirement plan sponsor.
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services co
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services corporation before beginning his broker career in managing executive risk programs for Fortune 500 companies. Jake currently sits on the board for ACES for Kids.
Wire transfer requests top the list of business email compromise (BEC) objectives, according to a study by Barracuda Networks. Additional objectives laid out by the report include duping users into clicking on malicious links, establishing rapport and stealing information, with the end goal of extorting millions of dollars from unsuspecting companies.
This month's Threat Intelligence Report is about a large hotel chain that reports an “unauthorized access” to its customer database since 2014, exposing data of 500 million guests; a vulnerability in a postal service site that left 60 million customers exposed for more than a year; a third-party vendor breach that exposes data of millions of healthcare patients; a new report that profiles notorious MageCart cyber criminals; court documents that reveal first-ever indictment on ransomware charges; and a bundled pack that makes SamSam and other ransomware easier for hackers to obtain and deploy.
Send a Message
Find a Location