Hello.

An attack is what you see, but a business operation is what you're up against In March 2024, an affiliate of the BlackCat ransomware gang took to a cybercrime forum with a complaint . They’d carried out the attack on Change Healthcare – one of the largest healthcare data breaches in U.S. history – but never got their cut of the $22 million ransom payment . BlackCat’s operators had taken the money and vanished, putting up a fake FBI seizure notice on their leak site to cover t

Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot. Receiving a data breach notice may have once been a rare event. With data breaches hitting record numbers, however, these notifications are no longer as surprising as they once were. In the US alone, there were 3,322 such breaches reported last year, resulting in nearly 280 million notices being emailed to victims. In Europe, daily incidents grew by 2

Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them. Japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and HR‑related communications. A threat actor known as Silver Fox is actively exploiting this busy period by conducting a targeted spearphishing campaign against Japanese manufacturers and other businesses. The

When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle. In the realm of cybercrime, change is arguably the only constant. While cyber-extortion as a broader category of crime has proved its staying power, ransomware – its arguably most damaging ‘flavor’ – doesn’t live or die on encryption alone. The playbook of ‘yore’ largely involved locking files or systems and demanding payment for a decryption key,

Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Can you imagine all of the things you’ll leave behind when your time is finally up? Heirlooms? Property? Other ‘tangibles’? Now just have a think about all of the digital assets you’re likely to leave for loved ones to manage. Email accounts, shared photos, passwords, playlists, social media profiles and smart devices. The difference is that these may be c

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. The worst thing you can do after falling victim to fraud is let your guard down. Online scammers only care about one thing: making money, so when new opportunities arise to do just that, they take them. It doesn’t matter if it involves re-victimizing someone who has already been defrauded, raising false hopes and exploiting th

What you do – and how fast – after an account is compromised often matters more than it may seem Cybercriminals go after people’s personal information  across every kind of online platform, including WhatsApp , Instagram , LinkedIn , Roblox , YouTube  and Spotify , not to mention finance apps. No online account is off the table. If one of your own accounts falls victim, the first priority is to avoid losing your cool and act immediately – the faster you move, the more of the

The resurgence of one of Russia’s most notorious APT groups Since April 2024, Sednit’s advanced development team has reemerged with a modern toolkit centered on two paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. This dual‑implant approach enabled long‑term surveillance of Ukrainian military personnel. Interestingly, these current toolsets show a direct code lineage to the group’s 2010‑era implants. Key points of this blo

Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves. Twenty years ago, almost to the day, Amazon Web Services (AWS)  launched  Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service  opened  for public beta testing before rolling out officially in 2008. These events sparked the era of modern on-demand cloud storage and computing that changed h