New research into how financial crimes are investigated has found that the majority of fraud analysts at financial organizations do not gather evidence from the dark web.

Speaking during Infosecurity Online, Manja Kuchel, senior product marketing manager at SolarWinds, outlined the three key elements of an effective zero-trust approach to security within organizations.

Over 60% of credential stuffing attacks detected over the past two years have been targeted at retail, travel, and hospitality businesses, according to the latest report by Akamai.

Security researchers have lifted the lid on a highly sophisticated global botnet operation performing millions of attacks per day, including cryptocurrency mining, spamming and defacements.

Posing as Marks & Spencer CEO Steve Rowe, the scammers have posted fraudulent adverts that promise victims the chance to win a gift voucher as part of a fictitious prize draw promotion.

According to a new report by VMware Carbon Black, 82% of attacks now involve instances of “counter incident response” where victims claim attackers have the resources to “colonize” victims’ networks.

Speaking at Infosecurity Online, Javvad Malik of KnowBe4 recommended listeners to look for rogue URLs and “lookalike domains” in phishing messages as it is all too common for a URL to be changed.

Nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed, including names, addresses, dates of birth, phone numbers, and Social Security numbers.

The Office of the Comptroller of Currency found that the banks "failed to exercise proper oversight of the decommissioning of two Wealth Management business data centers located in the United States."

Instagram's alleged data mishandling allowed the email addresses and phone numbers of children aged under 18 to become visible to other users. Facebook has denied breaking any privacy laws.