Trend Micro spotted recent malicious activity conducted by cybercriminal group Confucius. The hackers launched a spear-phishing campaign using Pegasus lures to trick users into clicking on a malicious document that downloads data-theft code. The attack begins with a clean email that contains text copied from a legitimate Pakistani newspaper article. Two days later, the victim receives a new email with a warning from a Pakistani military official about the Pegasus spyware that includes a cutt.ly link to an encrypted Word document and a decryption password. Regardless of the action taken by the victim, clicking on either of the links leads to downloading the Word document. If the target makes the mistake of entering...
In the first six months of this year, 600 vulnerabilities were discovered in ICS products (Industrial Control Systems), impacting 76 vendors. The number of vulnerabilities increased by 41% in the same period, according to Claroty's ICS Risk & Vulnerability Report: H1 2021. As the need to connect devices to the internet increases, so does the risk of being attacked by cybercriminals. Companies need to drive their business and invest in Operational Technology (OT) devices, and threat actors are using this growth to their advantage, seeking to launch hacking campaigns by taking advantage of companies that have vulnerable IT systems. Advantech (22), WAGO (23), Rockwell Automation (35), Schneider Electric (65) and Siemens (146 vulnerabilities) are the most affected manufacturers. An important aspect is that the list of affected manufacturers also includes 20 companies whose product...
In recent months, more crypto exchange platforms have been targeted by hackers. The most recent attack resulted in the theft of $97 million worth of digital assets from the Japanese cryptocurrency exchange Liquid, according to ZDNet. Liquid did not provide an estimate of damages because it is subject to analyses of the Financial Services Agency from Japan. Nevertheless, the attack affected many users, as Liquid is among the top 20 crypto exchanges in the world in terms of daily trading volume, sums estimated at more than $133 million per day on CoinMarketCap. On the other hand, blockchain analytics firm Elliptic claimed hackers obtained more than $97 million in cryptoc...
In this week’s episode of the podcast (#223), we are joined by Josh Corman and Lisa Young of the COVID task force at CISA to talk about the agency’s work to improve the security of critical sectors of the U.S. economy. Job #1: erase the so-called security “poverty line” that keeps small, poorly resourced firms from obtaining the skills and...
The stolen data reportedly includes 969 databases from ACSystem, NewOrangeTee, OT_Analytics, OT_Leave, and ProjInfoListing, ranging from corporate/financial records to customer private personal and financial information.
In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet.
Security experts at cybersecurity firm Volexity have recently reported an attack in which a North Korean hacker group used browser exploits to deploy custom malware on the website.
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide.
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
In research presented at the Defcon security conference this month, a researcher found workarounds that attackers could potentially use to get past Google's enhanced Workspace protections.
Google Project Zero researcher James Forshaw shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announced that it would address it soon.
The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software.
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. As part of this rebranding, the threat actors released the master decryption keys on their Tor data leak site.
Researchers discovered a new adversarial attack, OPAD, that can fool AI technologies by modifying the appearance of real 3D objects. One of the critical factors of such an attack is that no physical access to the objects is required. The successful demonstration of OPAD shows the possibility of using an optical system to modify faces or surveillance tasks.
T-Mobile has confirmed media reports from earlier this week that it had suffered a serious data breach. And it's not just existing T-Mobile users who should be alarmed, but former and prospective customers as well.