The military must be prepared to disrupt hacking attacks before they reach US computer networks, according to a new strategic vision from the Pentagon. The Department of Defence (DoD) has updated its cyber strategy for the first time since 2015, advocating a more aggressive approach than the previous document. Perhaps most controversially,… Read more

Account takeover attacks (ATO), in which a person’s credentials are stolen and used to send emails from their real account, often result in phishing attacks being sent from the victim’s account, according to a Barracuda Networks report. Out of the 60 total ATO incident recorded, 78% led to phishing emails,… Read more

According to IDC Research’s recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year. For those who experienced an attack, more than 40% lasted longer… Read more

Pindrop released its annual report detailing developments in fraud, the future of voice and the impact to customer service across various industries. In the report, Pindrop reveals the rate of voice fraud climbed over 350 percent from 2013 through 2017, with no signs of slowing down. Additionally, between 2016 and… Read more

A new “swiss army knife” botnet originating from Russia has emerged in the Malware-as-a-Service (MaaS) arena, touting Android-based payloads to potential cybercriminal clients. According to researchers from Check Point, the botnet has been developed by a group of Russian-speaking hackers known as “The Lucy Gang,” and demos have already been… Read more

The increased complexity of the IT environment, combined with increasingly sophisticated attacks and a rapidly evolving threat landscape, is causing organizations to invest more money in cybersecurity and start to focus on the impact of cyber threats and cybersecurity from a business perspective, according to a research report conducted by… Read more

The retail industry’s cybersecurity preparedness continues to lag behind almost every other sector despite efforts by the major credit card associations to bolster retail security via the Payment Card Industry Data Security Standard (PCI DSS). Third-party risk management firm SecurityScorecard recently analyzed a total of 1,444 domains in the retail… Read more

AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, has reset all user passwords, the company’s CTO Andrey Meshkov announced. The company took this decision after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords. Meshkov said the… Read more

The Daily Threat Brief aims to provide the gist of current trends in adversary behavior and insights into mitigation strategies that are working. We also report on the results of longer term studies and provide the results of research from our own staff and from highly regarded sources in the… Read more

Nearly 300,000 malicious login attempts by one type of botnet occur every hour, according to a new Akamai report. The specific attack vector the study focuses on is credential stuffing, a cyberattack in which botnets try to log into a site and steal a person’s identity, information, or money. Credential stuffing… Read more

The three masterminds behind Mirai – the infamous botnet known for taking down internet services in a 2016 DDoS attack – will work with the FBI in future cybercrime investigations as part of their sentencing for creating and operating the botnet. The three hackers were sentenced Tuesday in Alaska, after… Read more

A previously unknown hacker group is behind a rising number of breaches that have been reported by local governments across the US. A new FireEye report reveals that this yet-to-be-identified hacker group has been breaking into Click2Gov servers and planting malware that stole payment card details. Click2Gov is a popular… Read more

The Bitcoin team fixed today a severe vulnerability in the software that underpins the entire Bitcoin network.  The vulnerability is categorized as a simple “denial of service” (DoS). While most DoS bugs cause simple crashes, this vulnerability has a more severe impact than most people believe. The bug affects Bitcoin Core,… Read more

Cryptojacking — threat actors placing illicit cryptocurrency miners on a victim’s systems — is a growing threat to enterprise IT according to a just-released report from the Cyber Threat Alliance (CTA). CTA members have seen miner detections increase 459% from 2017 through 2018 and there’s no sign that the rate… Read more

Earlier this week researchers confirmed a massive payment card skimming scheme operated by Magecart which compromised the online store of broadcaster ABS-CBN; now, the cyberthreat group has claimed a fresh victim in Newegg. Researchers from RiskIQ, together with Volexity, revealed that California-based retailer Newegg is the latest well-known merchant to succumb… Read more