A budget-friendly remote access trojan (RAT) that's under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today.Β β¦
US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime.β¦
Opposition is building to India's recently introduced rules on reporting computer security breaches, which have come under fire for being impractical, ineffective, and impinging on privacy.β¦
Most malware attacks now originate from the same region as the victim, according to a new report, a sign that malicious actors are changing their tactics.β¦
The US and the European Union have officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks β and said they will "take steps" to defend against and respond to Kremlin-orchestrated attacks.β¦
Special report Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security.β¦
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That's seven critical bugs, 66 deemed important, and one ranked low severity.β¦
Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages.β¦
New ransomware samples analyzed by Secureworks' threat intelligence team are the latest indication that high-profile ransomware operation REvil is once again up and running after months of relative inactivity.β¦
Miscreants are targeting managed service providers (MSPs) to break into their customers' networks and deploy ransomware, steal data, and spy on them, the Five Eyes nations' cybersecurity authorities have formally warned in a joint security alert.β¦
Black Hat Asia The war in Ukraine, and the Declaration for the Future of the Internet signed by 60 nations in late April, should be understood in the context of a global effort to recruit the nations of the world into blocs with different attitudes to internet governance.β¦
Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts.β¦
Black Hat Asia The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation (ORF), a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative.β¦
Black Hat Asia The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods.β¦
A December attack against a long-standing US college has pushed the institution to permanently close.Β β¦
Intel has disclosed high-severity bugs in its firmware that's used in datacenter servers, workstations, mobile devices, storage products, and other gear. These flaws can be exploited to escalate privileges, leak information, or stop things from working.β¦
A years-long campaign by miscreants to insert malicious JavaScript into vulnerable WordPress sites, so that visitors are redirected to scam websites, has been documented by reverse-engineers.β¦
Black Hat Asia Keep an eye on new Chinese government policies, if you want to anticipate malware attacks, a threat intelligence analyst suggested at the Black Hat Asia conference on Thursday.β¦
Black Hat Asia Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs β 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000.β¦
The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks' threat intelligence team.β¦
Black Hat Asia Cyber war has become an emerged aspect of broader armed conflicts, commencing before the first shot is fired, cybersecurity expert Kenneth Geers told the audience at the Black Hat Asia conference on Friday.β¦
Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.β¦
Black Hat Asia Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President.β¦
David Harville, eBay's former director of global resiliency, pleaded guilty this week to five felony counts of participating in a plan to harass and intimidate journalists who were critical of the online auction business.β¦
A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers.β¦
A Tor-hidden website dubbed the Eternity Project is offering a toolkit of malware, including ransomware, worms, and β coming soon β distributed denial-of-service programs, at low prices.β¦
In brief San Francisco police have been using driverless cars for surveillance to assist in law enforcement investigations.β¦
Webinar Some cyberattackers are out to cause mayhem, but the pros are really after one thing. Your data, whether thatβs through exfiltration or encryption.β¦
US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country.β¦
Chinaβs Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.β¦
The US Attorneyβs Office has charged a 55-year-old cardiologist with creating and selling ransomware and profiting from revenue-share agreements with criminals who deployed his product.β¦
Europe has moved closer toward new cybersecurity standards and reporting rules following a provisional network and information systems agreement dubbed NIS2 by the European Council and Parliament.Β β¦
A newly implemented e-commerce rating system in the city-state of Singapore has rated Facebook's Marketplace as the least trustworthy e-commerce platform, behind Amazon and its Alibaba-owned Asian analogue Lazada.β¦
Google has a plan β and a new product plus a partnership with developer-focused security shop Snyk β that attempts to make it easier for enterprises to secure their open source software dependencies.β¦
Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be hoodwinked by a relay attack, leading to the theft of the flash motor.β¦
Pay close attention to that resume before offering that work contract.β¦
The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.β¦
The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation.β¦
Microsoft has advised its reseller community it needs to pay attention to the debut of improved security tooling aimed at making it harder for attackers to worm their way into your systems through partners.β¦
The average American has their personal information shared in an online ad bidding war 747 times a day. For the average EU citizen, that number is 376 times a day. In one year, 178 trillion instances of the same bidding war happen online in the US and EU.β¦
The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.β¦
Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.β¦
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.β¦
Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week.β¦
Sponsored Post It might feel like youβre facing down the cyber bad guys all on your own sometimes but be assured thatβs not the case. In fact, if you head to CyberThreat 22 this Autumn you can draw on the expertise of some of the worldβs most experienced practitioners.β¦
The US government's alert three months ago warning businesses and government agencies about the threat of BlackByte has apparently done little to slow down the ransomware group's activities.β¦
Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests β namely, advancing anti-Western narratives β according to threat-intel experts at Mandiant.β¦
The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.β¦
The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical βΒ things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.β¦
India has slightly softened its controversial new reporting requirements for information security incidents and made it plain they apply to multinational companies.β¦
The Canadian government has joined many of its allies and banned the use of Huawei and ZTE tech in its 5G networks, as part of a new telecommunications security framework.β¦
Analysis Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.β¦
Updated Microsoft search engine Bing censors terms deemed sensitive in China from its autosuggestion feature internationally, according to research from Citizen Lab.β¦
Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.β¦
Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.β¦
In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom.Β β¦
US president Biden and South Korea's new president Yoon Suk Yeol have pledged further co-operation in many technologies, including joint efforts to combat North Korea.β¦
Microsoft has sounded the alarm on DDoS malware called XorDdos that targets Linux endpoints and servers.β¦
Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.β¦
Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting (XSS) flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams.β¦