Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.

Attackers Use Event Logs to Hide Fileless Malware

A sophisticated campaign utilizes a novel anti-detection method.

China-linked APT Caught Pilfering Treasure Trove of IP

A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.

VHD Ransomware Linked to North Korea’s Lazarus Group

Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.

CANs Reinvent LANs for an All-Local World

A close look at a new type of network, known as a Cloud Area Network.

USB-based Wormable Malware Targets Windows Installer

Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands.

Podcast: The State of the Secret Sprawl

In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, as well as ways that developers can keep their code safe.

FBI: Rise in Business Email-based Attacks is a $43B Headache

A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.

Low-rent RAT Worries Researchers

Researchers say a hacker is selling access to quality malware for chump change.

Conti Ransomware Attack Spurs State of Emergency in Costa Rica

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

Hackers Actively Exploit F5 BIG-IP Bug

The bug has a severe rating of 9.8, public exploits are released.

Ransomware Deals Deathblow to 157-year-old College

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

Actively Exploited Zero-Day Bug Patched by Microsoft

Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

Intel Memory Bug Poses Risk for Hundreds of Products

Dell and HP were among the first to release patches and fixes for the bug.

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.

Malware Builder Leverages Discord Webhooks

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

Microsoft's May Patch Tuesday update is triggering authentication errors.

iPhones Vulnerable to Attack Even When Turned Off

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

Sysrv-K Botnet Targets Windows, Linux

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

DOJ Says Doctor is Malware Mastermind

The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

380K Kubernetes API Servers Exposed to Public Internet

More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

Closing the Gap Between Application Security and Observability

Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. 

Snake Keylogger Spreads Through Malicious PDFs

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Fronton IOT Botnet Packs Disinformation Punch

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Verizon Report: Ransomware, Human Error Among Top Security Risks

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

Zoom Patches ‘Zero-Click’ RCE Bug

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

Link Found Connecting Chaos, Onyx and Yashma Ransomware

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

Cybergang Claims REvil is Back, Executes DDoS Attacks

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

Critical Flaws in Popular ICS Platform Can Trigger RCE

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Being Prepared for Adversarial Attacks – Podcast

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s […]

International Authorities Take Down Flubot Malware Network

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

Scammers Target NFT Discord Channel

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

Cybercriminals Expand Attack Radius and Ransomware Pain Points

Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.

Evil Corp Pivots LockBit to Dodge U.S. Sanctions

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'

Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.

Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Conducting Modern Insider Risk Investigations

Insider Risk Management requires a different approach than to those from external threats. IRM is unique from other domains of security in that the data sources which serve as inputs are as often people as they are tools. Shifting the analyst‘s mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.

Cyber Risk Retainers: Not Another Insurance Policy

The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.

Black Basta Ransomware Teams Up with Malware Stalwart Qbot

The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.

Paying Ransomware Paints Bigger Bullseye on Target’s Back

Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.

Taming the Digital Asset Tsunami

Rob Gurzeev, CEO and Co-Founder of CyCognito, explores external attack surface soft spots tied to an ever-expanding number of digital assets companies too often struggle to keep track of and manage effectively.

Feds Forced Travel Firms to Share Surveillance Data on Hacker

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

Potent Emotet Variant Spreads Via Stolen Email Credentials

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

U.S. Water Utilities Prime Cyberattack Target, Experts

Environmentalists and policymakers warn water treatment plants are ripe for attack.

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Researchers demonstrated a possible way to track individuals via Bluetooth signals.

Linux Malware Deemed ‘Nearly Impossible’ to Detect

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.

Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

Attackers gained access to private account details through an email compromise incident that occurred in April.