Phishing

Research: Sextortion Scams more frequent, sophisticated

So-called “sextortion” attacks are a growing threat, replacing other e-mail borne threats like spam, ransomware and business e-mail compromise attacks as they increase in sophistication and scope, a new report finds.

Passwords

Bank Attacks Put Password Insecurity Back in the Spotlight

Two separate attacks on banks in the United States and Pakistan revealed this week highlight once again the inherent weakness of a security practice that relies on passwords or knowledge-based credentials to protect critical information.

Spreading Malware

Cisco Links Remote Access Tool Remcos to Cybercriminal Underground

Questions are being raised about whether remote-access and testing tools from a mysterious company called Breaking Security are made and sold by cyber criminals, after the tools have been widely adopted as a turnkey solution for setting up and running botnets, according to Cisco Talos.

‘Olympic Destroyer’ resurfaces; targets financial organizations, chemical-threat-prevention labs

The Olympic Destroyer malware behind an attack on the 2018 Winter Olympic Games in Seoul resurfaced with new targets in its sites: financial organizations and biological and chemical threat prevention laboratories, according to new research from Kaspersky Lab.

Opinion: Don’t Be Blinded by APTs

In this industry perspective, Thomas Hofmann of Flashpoint says that sensational coverage of advanced persistent threat (APT) actors does little to help small and mid sized firms defend their IT environments from more common threats like cyber criminals. The key to getting cyber defense right is understanding the risks to your firm and prioritizing investments to protect critical IT assets.