SEARCH
All Articles
Law Enforcement Update Kills Emotet on Infected Devices
An uninstall process, pushed out to infected devices as part of the takedown of Emotet by law enforcement, has been triggered to kill the malware.
Supply Chain Attack Hits Passwordstate Password Manager
An attacker was able to compromise the update mechanism for the Click Studios Passwordstate password manager and insert a malicious DLL that harvested victims' usernames and passwords.
Majority of U.S. Government Agencies Have Launched VDPs
On the heels of a September mandate from CISA, 90 percent of cabinet-level agencies have now published a vulnerability-disclosure policy (VDP).
Researchers Find New Chunk of SolarWinds Attackers’ Infrastructure
Researchers from RiskIQ have identified 18 additional C2 servers used by the APT29 attackers in their operation against SolarWinds and its customers.
Prometei Botnet Tracks Down Vulnerable Exchange Servers
Yet another cryptocurrency mining malware family is attempting to compromise the Microsoft Exchange ProxyLogon flaws.
CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion
CISA investigated an enterprise intrusion in which the attacker had legitimate credentials for the Pulse Secure VPN and then deployed the Supernova malware on a SolarWinds Orion instance.
ToxicEye Malware Leverages Telegram For C2
Researchers have uncovered a new RAT that contains data exfiltration capabilities and relies on Telegram for command-and-control (C2) communications.
The Hacker Movie Awards
It's Oscars season, so to celebrate the good, the bad, and the terrible in hacker movies, Zoe Lindsey, Pete Baker, and Dennis Fisher convene to hand out some fake awards for fake hacking.
New Bill Would Bar Federal Agencies From Buying Data
The Fourth Amendment Is Not For Sale Act targets loopholes in the law that permit data brokers to sell American’s private data to government agencies without a court order.
Chinese Attackers Target Pulse Secure Flaw in Government and Enterprise Networks
A new China-aligned threat group known as UNC2630 is using a zero day in Pulse Connect Secure VPN to breach government agencies and enterprises.
Lazarus APT Cloaks Payloads With BMP Image Files
The Lazarus threat group is hiding its payloads in bitmap image (BMP) files, as seen in spear-phishing attacks targeting victims in South Korea.
Decipher Podcast: Steve Ragan
Steve Ragan, security researcher with Akamai, joins Lindsey O’Donnell-Welch to discuss the evolution of phishing kits over the past year, and how attacks on the identity and trust model will change as employees start to go back into the office.
China’s Big Data Boom Spurs a Flourishing Underground Economy
As part of a prosperous Chinese-language underground economy, cybercriminals are illegally monetizing big data by selling it to scammers, threat groups or even marketers.
More Malware Targets M1-Based Macs
A recent variant of the XCSSET malware has the capability to infect ARM M1-based Macs in addition to x86-based machines.
New Bill Would Curb the Export of Americans’ Data
The newly-proposed U.S. draft bill would introduce a license requirement for foreign companies to trade U.S. citizens’ personal information.