With so many companies employing basic antivirus and anti-malware software, cybercriminals are having to work harder to get their payout.  They’re getting around these programs by recompiling ransomware programs to avoid detection. They’re also using web-based applications to move around businesses’ data – or their money.  Here’s what’s happening in cybersecurity right now.

New Cybersecurity Threat – Credential Stuffing

The SEC is warning that they’re seeing more instances of “credential stuffing” – automated programs that visit web-based app login pages and try thousands of username / password combinations purchased on the Dark Web.  While the SEC is reporting it’s being used to access financial firm’s client money, this technique can easily be used against any type of company.  Read More at Security Magazine

WatchGuard Research Finds 12% Spike in Evasive Threats

Ransomware attacks were slightly down (8%) in Q2, but the number of attacks that couldn’t be detected by Antivirus programs were up.  A growing number of ransomware attacks are deploying executables that are very slightly different from each other.  Antivirus programs don’t see these programs as matching a known threat, so they allow the program to run when executed.  Read More at WatchGuard

 Remote Work Exacerbating Data Sprawl

When every user decides how to share and distribute company data, it ends up in many different places.  With enough data sprawl, it will eventually end up in the wrong hands.  To avoid this, companies should make it easier to share data securely, and implement policies to discourage sharing it insecurely. Read More at Dark Reading

 The Cybersecurity Threat No One Talks About

The QR code has made a comeback as businesses try to make everything touchless – it’s being used for restaurant menus, to complete transactions and on consumer products.   But what if one of those signs is quietly replaced with a different one that downloads malware on your phone?  Read More at Forbes