SEARCH
All Articles
Prometei Botnet Tracks Down Vulnerable Exchange Servers
Yet another cryptocurrency mining malware family is attempting to compromise the Microsoft Exchange ProxyLogon flaws.
CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion
CISA investigated an enterprise intrusion in which the attacker had legitimate credentials for the Pulse Secure VPN and then deployed the Supernova malware on a SolarWinds Orion instance.
ToxicEye Malware Leverages Telegram For C2
Researchers have uncovered a new RAT that contains data exfiltration capabilities and relies on Telegram for command-and-control (C2) communications.
The Hacker Movie Awards
It's Oscars season, so to celebrate the good, the bad, and the terrible in hacker movies, Zoe Lindsey, Pete Baker, and Dennis Fisher convene to hand out some fake awards for fake hacking.
New Bill Would Bar Federal Agencies From Buying Data
The Fourth Amendment Is Not For Sale Act targets loopholes in the law that permit data brokers to sell American’s private data to government agencies without a court order.
Chinese Attackers Target Pulse Secure Flaw in Government and Enterprise Networks
A new China-aligned threat group known as UNC2630 is using a zero day in Pulse Connect Secure VPN to breach government agencies and enterprises.
Lazarus APT Cloaks Payloads With BMP Image Files
The Lazarus threat group is hiding its payloads in bitmap image (BMP) files, as seen in spear-phishing attacks targeting victims in South Korea.
Decipher Podcast: Steve Ragan
Steve Ragan, security researcher with Akamai, joins Lindsey O’Donnell-Welch to discuss the evolution of phishing kits over the past year, and how attacks on the identity and trust model will change as employees start to go back into the office.
China’s Big Data Boom Spurs a Flourishing Underground Economy
As part of a prosperous Chinese-language underground economy, cybercriminals are illegally monetizing big data by selling it to scammers, threat groups or even marketers.
More Malware Targets M1-Based Macs
A recent variant of the XCSSET malware has the capability to infect ARM M1-based Macs in addition to x86-based machines.
New Bill Would Curb the Export of Americans’ Data
The newly-proposed U.S. draft bill would introduce a license requirement for foreign companies to trade U.S. citizens’ personal information.
Popular Codecov Bash Uploader Tool Compromised
The Codecov Bash Uploader tool, used widely in ,any development environments, was compromised in January, potentially causing serious downstream problems.
Russian APT Group Actively Exploiting Flaws, U.S. Agencies Warn
The U.S. federal agency advisory on the active exploits of five flaws comes in tandem with the U.S. government formally attributing the SolarWinds supply-chain attack to Russian Foreign Intelligence Service (SVR) actors.
U.S. Sanctions Russia in Wake of Recent Cyber Attacks
The U.S. has imposed new economic sanctions against the Russian government and several IT security companies in the wake of the SolarWinds intrusion and other attacks.
Lazarus Group Adds JavaScript Sniffer to Cryptocurrency-Stealing Arsenal
The Lazarus threat group utilized a modified JavaScript sniffer to steal cryptocurrency from unsuspecting e-commerce website consumers.