Credentials Theft - Security Intelligence

A businesswoman leads a training session on social engineering vocabulary.

article

Why Every Employee in Your Organization Should Learn Social Engineering Vocabulary

When it comes to social engineering training, make sure every employee learns the names of specific attacks.

June 13, 2019 | By Mike Elgan

article

A woman checks her calendar on a smartphone: scam offers

news

Fraudsters Abuse Smartphone Google Calendar Feature to Push Through Scam Offers

Fraudsters are abusing a Google Calendar feature that's commonly enabled on smartphones to target unsuspecting users with scam offers.

June 12, 2019 | By David Bisson

news

A woman checks her email in the office: Babylon RAT

news

Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT

Researchers spotted a phishing campaign delivering a multi-feature, open-source remote administration tool known as Babylon RAT.

May 21, 2019 | By David Bisson

news

Man working on a laptop infected with cryptomining malware

news

Attackers Use EternalBlue and PowerShell Scripts to Spread Cryptomining Malware Across Asia

A cryptomining malware campaign originally discovered in January is now using the EternalBlue exploit to target users in Asia, according to security researchers.

April 15, 2019 | By Shane Schick

news

Two programmers working on security controls to detect black market tls/ssl certificates

article

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.

April 11, 2019 | By Koen Van Impe

article

Professionals working on a computer targeted by phishing campaign

news

Phishing Campaign Makes Use of SingleFile Browser Extension Tool to Obfuscate Malicious Activity

In a recent phishing campaign, fraudsters used a legitimate browser extension tool called SingleFile to obfuscate their attacks and remain undetected.

April 9, 2019 | By David Bisson

news

Two security professionals discussing a Shade ransomware infection

news

Shade Ransomware Campaign Compromises at Least 500 WordPress and Joomla Websites

Security researchers discovered a hidden HTTP directory that is allowing threat actors to install Shade ransomware on WordPress and Joomla websites.

April 3, 2019 | By Shane Schick

news

Professional using a smartphone infected with an Android Trojan

news

New Gustuff Android Trojan Capable of Targeting More Than 100 Banking Apps

Researchers detected a new Android Trojan called Gustuff that is capable of targeting more than 100 mobile banking apps.

April 2, 2019 | By David Bisson

news

Businesswoman checking her email: brute-force attack

news

Brute-Force Attack Wave Uses Legacy Protocols, Credential Dumps to Compromise Cloud Accounts

A massive brute-force attack campaign used both legacy protocols and credential dumps to compromise cloud user accounts, according to security researchers.

March 20, 2019 | By David Bisson

news

Social media influencer using smartphone targeted in Instagram hacking campaign

news

Threat Actors Use Fake Copyright Infringement Notifications in Instagram Hacking Campaign

Security researchers discovered that attackers are using fake copyright infringement notifications as part of a recent Instagram hacking campaign.

March 19, 2019 | By David Bisson

news

Fake Android Apps Steal Cryptocurrency Credentials With 2FA Bypass Technique

TCP SACK Panic Flaw Could Compromise Production Linux Machines

Free Decryption Tool Enables Victims of GandCrab Ransomware to Recover Their Files

Outlaw Threat Group Using Botnet to Distribute Monero Miner, Perl-Based Backdoor

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

IoMT Security: A Comprehensive Approach to Mitigate Risk and Secure Connected Devices

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control

One Big Lesson From the Cyber Range to Help Solve Confirmation Bias

Observations of ITG07 Cyber Operations

Getting Quantum Ready and What This Means for Cryptography

Podcast: Reducing Third-Party Risk

Podcast: Development Agility and Open-Source Vulnerability Prioritization

Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats

Podcast: Travel Security: Why Data Safety Doesn’t Get a Day Off

Webinar: How to Outmatch Data Security Challenges with Cost-Effective, Practical Strategies

Webinar: Total Recon: See You Online, Richter

Digital Identity Trust at Cyber Week 2019 – Tel Aviv, Israel

Webinar: IBM i2 User Group Webinar: Advance Your Existing i2 Capabilities

Tag: Credentials Theft

Why Every Employee in Your Organization Should Learn Social Engineering Vocabulary

Fraudsters Abuse Smartphone Google Calendar Feature to Push Through Scam Offers

Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT

Attackers Use EternalBlue and PowerShell Scripts to Spread Cryptomining Malware Across Asia

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

Phishing Campaign Makes Use of SingleFile Browser Extension Tool to Obfuscate Malicious Activity

Shade Ransomware Campaign Compromises at Least 500 WordPress and Joomla Websites

New Gustuff Android Trojan Capable of Targeting More Than 100 Banking Apps

Brute-Force Attack Wave Uses Legacy Protocols, Credential Dumps to Compromise Cloud Accounts

Threat Actors Use Fake Copyright Infringement Notifications in Instagram Hacking Campaign