News
The popular malware Raccoon stealer, which suspended operations after a developer allegedly died in the Ukraine invasion, has returned. Raccoon stealer is malware as a service, with the developers selling…
Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites. Norway’s National Security Authority (NSM) confirmed that some of the country’s…
Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And…
Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the…
We look into a recent attack orchestrated by the Black Basta ransomware ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage…
While DevOps and site reliability engineering teams often work together and have shared goals, there are important distinctions between the two. This article explores the differences between their functions and…
North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain…
A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. A former Canadian government employee, Sebastien Vachon-Desjardins, pleaded guilty in the U.S.…
Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication…
Trend Micro Security Researcher, Erin Sindelar, breaks down three popular types of cloud risk assessments to help CISOs and security leaders better explain cyber risk to the board. If you…
Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR…
The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to…
Brave Search, Brave Software’s privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default…
Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices. The spyware, dubbed Hermit,…
A person working in the city of Amagasaki, in Western Japan, has mislaid a USB stick which contained data on the city’s 460,000 residents. The USB drive was in a…
The RansomHouse gang claims to have breached the Chipmaker giant AMD and stole 450 GB of data from the company in 2021. The RansomHouse extortion gang claims to have stolen…
This paper provides a taxonomic classification of non-state actors in the cyberspace, analyzing their role and impact on a state’s socioeconomic structure Cyber Non-State Actors (CNSA) are key figures in…
We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems.…
The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important noveòties…
Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The…
Microsoft has posted a reminder that Exchange Server 2013 reaches End of Support (EoS) on April 11, 2023. That’s a little more than 9 months from now. A useful and…
CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven…
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference…
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
