HackDig : Dig high-quality web security articles for hackers

TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?

October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot’s operators released a new and more persistent version of the malware. In this post, IBM Trust
Publish At:2021-01-26 12:47 | Read:110 | Comments:0 | Tags:Data Protection Fraud Protection Malware TrickBot Trojan

Credential Stuffing: AI’s Role in Slaying a Hydra

One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have an open door into
Publish At:2021-01-25 09:29 | Read:136 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Artificia

Social Engineering And Social Media: How to Stop Oversharing

You’ve done your due diligence, practice good security hygiene and have the best security tools available. Now, your security posture is strong. But, your plan is only as good as your employees, and they may be letting you down when it comes to being ready for social engineering.   While employees clicking on phishing links still presents a
Publish At:2021-01-13 12:47 | Read:111 | Comments:0 | Tags:Fraud Protection Fraud Phishing Social Media social media en

‘Tis the Season for Nonprofit Cybersecurity Risks to Reach New Heights

The period between Christmas and New Year’s Day has long been the time people give to charities the most, making the charities themselves attractive targets for cyber criminals. Because the events of 2020 will likely boost existing trends, nonprofit cybersecurity challenges may be greater than ever this year — even as groups find themselves with
Publish At:2020-12-26 11:53 | Read:244 | Comments:0 | Tags:Data Protection Fraud Protection holiday Cyberattacks Cyberc

How to Not Fall for a Charity Scam This Holiday Season

This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead of a cause they truly support. According to the FBI’s website, charity fraud rises during the holidays, when people choose to make end-of-year tax deductible gifts. “Seasonal charity scams can pose greater diffi
Publish At:2020-12-18 12:47 | Read:221 | Comments:0 | Tags:Fraud Protection holiday Online Fraud Scam

E-Commerce Skimming is the New POS Malware

As the holiday shopping season shifts into high gear, the COVID-19 pandemic is accelerating an ongoing trend: shoppers are opting to buy online. Rather than flooding brick-and-mortar stores — and point-of-sale (POS) machines — with sales, studies suggest a high percentage of shoppers in 2020 will be using online options and e-commerce
Publish At:2020-12-16 10:05 | Read:244 | Comments:0 | Tags:Fraud Protection Malware Software & App Vulnerabilities E-co

WannaCry: How the Widespread Ransomware Changed Cybersecurity

If I had polled cybersecurity experts on their way to work on May 12, 2017, most of them would have said they knew a major cybersecurity event loomed. Yet, on that day no one expected that they were walking into the perfect storm — in the form of WannaCry ransomware, the most damaging cyberattack to date — when they traveled by car, train or fer
Publish At:2020-10-28 16:04 | Read:538 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Incident

Account Fraud is Killing Streaming Services: What Providers Can Do

The use of online streaming services was already burgeoning well before most of the world started spending so much time at home. The current explosion in the demand for video and music streaming services is cause for celebration in the industry, but it has a dark side. Account fraud, sharing and takeover, enabled by password sharing and identity theft, is e
Publish At:2020-10-21 08:34 | Read:404 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Fraud Fra

Jackpotting Reveals Openings in Proprietary Software

Jackpotting, an older ATM theft technique, could show security operations team members what to look out for when it comes to Internet of things (IoT) attacks in general, and even election machine vulnerabilities.  This technique first entered the U.S. cybersecurity lexicon in 2018, when Brian Krebs warned of attacks at American ATMs. Jackpotting, Krebs
Publish At:2020-09-14 10:37 | Read:435 | Comments:0 | Tags:Advanced Threats Fraud Protection Malware ATM ATM Malware Ba

DDoS Attacks Increase in Size, Frequency and Duration

Distributed denial of service (DDoS) attacks are increasing in size, frequency and duration. Kaspersky Lab reported a doubling of DDoS attacks in the first quarter of 2020 compared with the fourth quarter of 2019, plus an 80% jump compared with the same quarter last year. Kaspersky also found that DDoS cyberattacks are increasing in duration. Average attack
Publish At:2020-07-30 19:37 | Read:834 | Comments:0 | Tags:Advanced Threats Application Security Cloud Security Data Pr

Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey

The Ginp mobile banking malware, which emerged in late 2019, is one of the top most prevalent Android banking malware families today. It started as a simple short message server (SMS) stealer and rapidly evolved into one of the most advanced actors in the financial fraud landscape. Ginp has primarily targeted Spanish banks, but recent evidence suggests the m
Publish At:2020-06-18 12:15 | Read:630 | Comments:0 | Tags:Application Security Banking & Financial Services Data Prote

IBM Named a Leader in ‘The Forrester Wave™: Risk-Based Authentication, Q2 2020’

In today’s hybrid multicloud environment, users expect to be able to access their work and personal resources from wherever they are, whenever they need them. With this expanded security perimeter, and especially considering this year’s tectonic shift in remote work, organizations need to be prepared with a distributed security strategy that incorporates pri
Publish At:2020-05-27 15:11 | Read:702 | Comments:0 | Tags:Fraud Protection Identity & Access Risk Management Hybrid Cl

New Study Shows Consumers Could Be Vulnerable to COVID-19 Spam

Since the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic on March 11, IBM X-Force has observed a more than 6,000 percent increase in COVID-19-related spam, with lures ranging the full gamut of challenges and concerns facing individuals — from phishing emails impersonating the Small Business Administration (SBA) and the WHO to U.S.
Publish At:2020-05-03 08:13 | Read:925 | Comments:0 | Tags:Advanced Threats Banking & Financial Services Fraud Protecti

Breaking the Ice: A Deep Dive Into the IcedID Banking Trojan’s New Major Version Release

The IcedID banking Trojan was discovered by IBM X-Force researchers in 2017. At that time, it targeted banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites, mainly in the U.S. IcedID has since continued to evolve, and while one of its more recent versions became active in late-2019, X-Force researchers have identifi
Publish At:2020-04-01 07:12 | Read:1178 | Comments:0 | Tags:Fraud Protection Malware Threat Research Banking Malware Ban

TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany

IBM X-Force researchers recently analyzed an Android malware app that’s likely being pushed to infected users by the TrickBot Trojan. This app, dubbed “TrickMo” by our team, is designed to bypass strong authentication methods that bank customers use when they need to authorize a transaction. Though it’s not the first of its kind, this
Publish At:2020-03-24 07:55 | Read:1104 | Comments:0 | Tags:Advanced Threats Risk Management Threat Intelligence Android

Tools

Tag Cloud