In 2019, Business Email Compromise (BEC) attacks – a long-standing cybersecurity threat – accounted for $1.7 billion in losses, with cybercriminals using new tactics and techniques to carry out existing attacks. As cybercrime spikes in the wake of COVID-19, BEC’s toll is expected to rise this year. The Federal Bureau of Investigation (FBI) recently issued a warning to businesses on the growing threat of BEC attacks using the pandemic as a backdrop for unusual requests like payments to a “new” vendor or a change of account information.
Application programming interfaces (APIs) make everything a bit easier - from data sharing to system connectivity to delivery of critical features and functionality - but they also make it much easier for the bad actors (and the bad bots they deploy). Here are the top 5 API vulnerabilities that get exploited by hackers, including some tips to help close those gaps.
Beginning this fall, the Washington Metropolitan Area Transit Authority (Metro) will partner with Georgetown’s School of Continuing Studies in its efforts to examine and solve some of the cybersecurity issues facing critical infrastructure today.
Digital Shadows has identified 225 new, potentially malicious, typosquats related to the upcoming US presidential elections. Based on the major party tickets, Digital Shadows identified three classes of typosquats - misconfigured or illegitimate sites, non-malicious sites, and sites that redirect to another – associated with election-specific keywords like Trump, Pence, Biden, and Harris, among others.
Multiple intelligence agencies are releasing a joint cybersecurity advisory on technical approaches to incident response and best practices to remediating malicious cyber activity.
The Russian group that meddled in the 2016 election (Internet Research Agency) is now using sham accounts and a fake left-wing news site to sow disinformation, according to The New York Times.
A majority of survey respondents (61%) reported at least one insider attack over the last 12 months (22% reported at least six separate attacks). Forty-nine percent of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organization recovers from the attacks.
Public and private sector partner to start reducing the cybersecurity talent gap and provide participants with up to $75,000 in student loan assistance.
Moscow-based business newspaper Kommersant reported this week that the voter details for millions of Americans is being offered for sale on a Russian hacking site.
