Check Point a security company recently conducted an investigation which reveals that a single hacker at Lagos, Nigeria has been trying hacking the systems of 4,000-and-more organizations worldwide employing obsolete tools and rudimentary techniques. Even though security professionals would find the mode-of-operation hilariously trivial, yet the attacker attained success within no less

Big-name companies are still leaving themselves and their customers open to phishing because they haven’t implemented the DMARC message validation standard. In this year’s DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) yet. Specified in RFC 7489 to combine Sender Policy Framework

A new study has lifted the lid on the booming ecosystems of fake websites that underpin phishing scams, revealing a wide variety of prices and products from cheap knock-ups to bespoke fraud services offering concierge-level customer support. Infosec firm Clearsky surfed popular Russian and English-speaking underground boards and forums, looking for fake webpage creation services. Researchers then

The number one issue facing cybersecurity firms is a “chronic shortage” of qualified staff. That’s according to the founder of market analyst Cybersecurity Ventures, Steve Morgan. “The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It’s an absolute epidemic,” Morgan told supply-chain blog Channelnomics. Morgan’s company in 2016 gathered feedback from

One of four men accused of carrying out the megahack of 500 million Yahoo! email accounts has pleaded not guilty in a San Francisco district court. Karim Baratov, 22, was extradited from his Canadian home last weekend after waiving his right to fight going to America for the court case. He denied 47 separate charges of

Crooks slinging mobile trojans have reverted to old techniques by stealing users’ money through WAP-billing services. The “unusual” rise in mobile trojan clickers that steal money from Android users through Wireless Application Protocol (WAP) billing has been tracked by security researchers at Kaspersky Lab. The unexpected trend had been in evidence for a while, but

A business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links redirecting victims to sites designed to harvest corporate email credentials. Researchers at Flashpoint said it’s likely

Telstra has launched its Sydney-based cybersecurity centre, with the telecommunications provider also announcing a new “secure internet initiative”. With the latest security operations centre (SOC) officially open for customers from Thursday, Telstra now has centres live in Sydney, Melbourne, and Canberra ahead of launching more across the globe, Telstra CEO Andy Penn told ZDNet. “There will

Zerodium has increased the financial reward for researchers who submit valid zero-day flaws with the introduction of a new pricing structure. The premium exploit seller is particularly keen to get its hands on unknown vulnerabilities which can be used to exploit popular messaging apps, such as iMessage, Telegram, WhatsApp, Signal, Facebook, Viber, and WeChat, alongside traditional SMS/MMS