Working oil pumps are seen against a sunset sky. Intezer uncovered a year-long spear-phishing campaign against energy companies. (Getty Images)An unknown group has been conducting a year-long spear-phishing campaign against…
Hackers appeared to be taking advantage of a vulnerability first published in 2019. Western Digital stopped supporting My Live drives in 2015, and have not updated their firmware since. (AnneElizH/CC…
a so-called “nameless” undetected malware stole a database in the cloud that contained some 1.2 terabytes of files, cookies, and credentials that came from 3.2 million Windows-based computers. (Photo by…
University of College London campus. Researchers identified a number of promising machine learning techniques that may help improve detection of untracked or zero day malware. (University College of London)An academic-private…
A visitor photographs a symbol of a cloud at the Deutsche Telekom stand the day before the CeBIT technology trade fair. Researchers have discovered what they believe is the first…
FireEye Mandiant, working in in tandem with the Cybersecurity and Infrastructure Security Agency and Ivanti, reported details of 16 malware families exclusively designed to infect Ivanti Pulse Connect Secure VPN…
An aerial view of a wastewater treatment plant in California. An attempt to poison the Oldsmar, Florida water supply by hijacking a remote access system demonstrates the critical threat tied…
An Apple Store in Hong Kong. (ChIfcapsho, CC BY-SA 3.0 https://creativecommons.org/licenses/by-sa/3.0, via Wikimedia Commons)Apple patched a vulnerability that was actively exploited by malware actors to bypass the Transparency Consent and…
Ferris, the Rust mascot Developers of the malicious downloader Buer have taken the unusual step of rewriting the malware in a lesser-known Rust programming language, presumably to avoid detection while…
Proofpoint offices in Toronto, Canada. (Raysonho @ Open Grid Scheduler / Scalable Grid Engine, CC0, via Wikimedia Commons)Researchers issued a warning on Wednesday to any company running cloud apps, reporting…
GitHub CEO Nat Friedman speaks at GitHub Universe 2020. GitHub on Thursday solicited the comments of the security research community on its new, apparently stricter policies for posting malware and…
Assistant Attorney General for National Security John Demers, speaks during a virtual news conference at the Department of Justice on October 28, 2020 in Washington, D.C. Demers said at a…
A newly discovered bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs downloaded from the internet. Here, Apple CEO Tim Cook announces…
On Sunday, Europol will end a three-month-long process of dismantling the Emotet botnet by triggering a time-activated .dll to delete malware from the systems.. (Europol)On Sunday, Europol will end a…
Mitre Engenuity – The Mitre Corporation’s tech foundation for public good – released the results of its independent evaluation of 29 vendors to see how their products were able to…
Urs Holzle, Senior Vice President for Technical Infrastructure at Google, speaks on the Google Cloud Platform during a Google I/O Developers Conference in San Francisco, California. A large portion of…
Activision reported finding postings on hacking forums on YouTube by a threat actor promoting a Remote Access Trojan that can be embedded in cheat mods for games like Call of…
Researchers disrupted a newly documented Chinese-based malware called CopperStealer that, since significant countermeasures started in late January, infected up to 5,000 individual hosts per day, stealing credentials of users on…
A man stands in front of Apple store in Berlin, Germany. Threat actors have abused the Run Script feature in Apple’s Xcode integrated development environment (IDE) to infect Apple developers…
Organizations that boosted security budgets in response to the SolarWinds hack invested the most in threat hunting. (“SolarWinds letters” by sfoskett is licensed under CC BY-NC-SA 2.0)Organizations that boosted security budgets in response to…
A developer published via GitHub a proof-of-concept (POC) ransomware program featuring strong compatibility with the post-exploitation tool Cobalt Strike, open-source coding, and extensionless encryption. The author claims the program, dubbed…
Microsoft released details on later-stage malware the company says was used by the group behind the SolarWinds espionage campaign. (Microsoft)Microsoft released details Thursday on later-stage malware the company says was…
Along with the Pirrit Mac adware identified earlier this week, researchers from Red Canary identified Thursday a different malware strain (Jon Rawlinson/CC BY 2.0))In just three months, hackers have debuted…
Microsoft’s Detection and Response and 365 Defender teams are sounding the alarm that the number of observed attacks using web shell malware have nearly doubled since last year. (Microsoft)The presence…
