lemmydev2

Financial institutions worldwide are facing unprecedented ransomware threats, with new data revealing the staggering economic impact these attacks inflict. In 2024, the average cost of data breaches in the banking sector has reached $6.08 million per incident, marking a 10% increase from the previous year’s figures. Big Data Breaches in Banking (Source – Hunt.io) This […] The post Ransomware Attack on Banks Costs an Average of $6.08 Million Along With Downtime & Reputation Loss appeared first on Cyber Security News.

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. [...]

Circle Internet Group Inc. is launching a payments network designed to allow financial institutions and technology firms to settle cross-border transactions in stablecoins.

Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of an internal token logging error and the rollout of a new security feature called MACE […] The post Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users appeared first on Cyber Security News.

In Other Cybercrime Market Drama, BreachForums Marketplace Reboot Branded a FakeJust three months after being disrupted by an intelligence law enforcement operation, the notorious online cybercrime marketplace called Cracked appears to have patched itself up and restarted operations. The recently disrupted BreachForums also claims to be back - although experts remain skeptical.

Businesses are losing out on an average of $98.5 million a year as a consequence of cyber threats, fraud, regulatory hurdles and operational inefficiencies, according to research from FIS and Oxford Economics. The cost of disharmony is highest among technology companies, followed by insurance, financial services and fintech respondents. The study revealed nine sources of disharmony, defined as disruptions and inefficiencies across the money lifecycle, with the most significant ones including: 88% of respondents identified … More → The post Cyber threats now a daily reality for one in three businesses appeared first on Help Net Security.

Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense. Researchers analyzed thousands of alerts, mapping them to the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Top five attack tactics Initial access: Initial access remains the most frequently-observed adversarial tactic, representing more than 27% of escalated alerts. In 2024, … More → The post Cybercriminals blend AI and social engineering to bypass detection appeared first on Help Net Security.

Nearly 9 in 10 apps tested by Zimperium used encryption that did not adhere to best practices.

Researchers have uncovered the true identity of servers hosting one of the most notorious ransomware operations active today. The Medusa Ransomware Group, which has operated with relative anonymity through Tor hidden services, has had its cover blown through a sophisticated exploitation of vulnerabilities in their own infrastructure. This exposure represents a rare instance where cybercriminal […] The post Researchers Deanonymized Medusa Ransomware Group’s Onion Site appeared first on Cyber Security News.

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. [...]

Phone theft is now commonplace in London. The Met Police recently revealed that it seizes 1,000 stolen phones weekly as it cracks down on organized criminal networks driving the £50 million trade. Nationally, cases have doubled to 83,900 annually. The real issue, though, isn’t the losing of a phone – it’s what happens next. Thieves are after the valuable digital assets inside the phone. With the proper access, a stolen phone becomes an all-access pass … More → The post The UK’s phone theft crisis is a wake-up call for digital security appeared first on Help Net Security.

arXiv:2404.04991v3 Announce Type: replace Abstract: The open-source software (OSS) ecosystem suffers from security threats caused by malware.However, OSS malware research has three limitations: a lack of high-quality datasets, a lack of malware diversity, and a lack of attack campaign contexts. In this paper, we first build the largest dataset of 24,356 malicious packages from online sources, then propose a knowledge graph to represent the OSS malware corpus and conduct malware analysis in the wild.Our main findings include (1) it is essential to collect malicious packages from various online sources because their data overlapping degrees are small;(2) despite the sheer volume of malicious packages, many reuse similar code, leading to a low diversity of malware;(3) only 28 malicious packages were repeatedly hidden via dependency libraries of 1,354 malicious packages, and dependency-hidden malware has a shorter active time;(4) security reports are the only reliable source for disclosing the malware-based context. Index Terms: Malicious Packages, Software Analysis